Vulnerability Details : CVE-2017-3510
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized NIC driver). The supported version that is affected is 11.3. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data. CVSS 3.0 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).
Products affected by CVE-2017-3510
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3510
0.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3510
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST | |
|
9.6
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
3.1
|
5.8
|
NIST |
References for CVE-2017-3510
-
http://www.securityfocus.com/bid/97813
Oracle Solaris CVE-2017-3510 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1038292
Solaris Flaws Let Remote and Local Users Obtain Elevated Privileges and Deny Service and Let Local Users Access and Modify Data - SecurityTracker
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Oracle Critical Patch Update - April 2017Patch;Vendor Advisory
Jump to