CVE-2008-4722

SUN Integrated Lights-out Manager < 2.0 - Authentication Bypass

Title source: rule

Description

Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.

References (6)

[Vendor Advisory] http://secunia.com/advisories/32298

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-243486-1

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1021094

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46023

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31861

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2890

Scores

EPSS 0.0138

EPSS Percentile 80.1%

Classification

CWE

CWE-287

Status draft

Affected Products (38)

sun/integrated_lights-out_manager

sun/blade_6000_modular_system_with_chassis < 2.0

sun/blade_6048_modular_system_with_chassis < 2.0

sun/blade_8000_modular_system < 2.1.1

sun/blade_8000p_modular_system < 2.1.1

sun/blade_t6320_server_module < 7.1.6

sun/blade_x6220_with_server_module_software < 2.0

sun/blade_x6250_with_server_module_software < 2.0

sun/blade_x6450_with_server_module_software < 2.0

sun/blade_x8400 < 2.0.2

sun/blade_x8420 < 2.0.2

sun/blade_x8440 < 2.0.2

sun/blade_x8450 < 2.1

sun/fire_x2250_server < sw_1.1

sun/fire_x4100_server < sw_1.5.1

... and 23 more

Timeline

Published Oct 23, 2008

Tracked Since Feb 18, 2026