CVE-2019-2961

Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L).

CVSS v3 3.6 LOW
CVSS v2.0 3.3 LOW

3.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.0 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*

History

21 Nov 2024, 04:41

Type	Values Removed	Values Added
References	~~() http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Vendor Advisory~~	() http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - Patch, Vendor Advisory

Information

Published : 2019-10-16 18:15

Updated : 2024-11-21 04:41

NVD link : CVE-2019-2961

Mitre link : CVE-2019-2961

CVE.ORG link : CVE-2019-2961

JSON object : View

Products Affected

oracle

solaris

CWE

NVD-CWE-noinfo

{"id": "CVE-2019-2961", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.0}]}, "published": "2019-10-16T18:15:31.077", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)."}, {"lang": "es", "value": "Una vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: SMF services & legacy daemons). La versi\u00f3n compatible que est\u00e1 afectada es la 11. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante poco privilegiado con inicio de sesi\u00f3n en la infraestructura donde es ejecutado Oracle Solaris comprometer a Oracle Solaris. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en actualizar, insertar o eliminar de forma no autorizada el acceso a algunos de los datos accesibles de Oracle Solaris y en la capacidad no autorizada de causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Solaris. CVSS 3.0 Puntuaci\u00f3n Base 3.6 (Impactos de la Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)."}], "lastModified": "2024-11-21T04:41:52.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}