Main Vulnerability Database Vulnerabilities #VU39110

Input validation error in Sun ZFS Storage Appliance Kit - CVE-2017-3584

Published: April 24, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39110

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Clear

CVE-ID: CVE-2017-3584

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Oracle

Affected software:
Sun ZFS Storage Appliance Kit

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

How to mitigate CVE-2017-3584

Install update from vendor's website.

Input validation error in Sun ZFS Storage Appliance Kit - CVE-2017-3584

Detailed vulnerability description

How to mitigate CVE-2017-3584

Sources

Please verify you're human