CVE-2008-4722

Published: Oct 23, 2008Modified: Apr 23, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.

Affected (39)

Products: Sun: Integrated Lights Out Manager, Blade 6000 Modular System With Chassis, Blade 6048 Modular System With Chassis, Blade 8000 Modular System, Blade 8000p Modular System, Blade T6320 Server Module, Blade X6220 With Server Module Software, Blade X6250 With Server Module Software, Blade X6450 With Server Module Software, Blade X8400, Blade X8420, Blade X8440, Blade X8450, Fire X2250 Server, Fire X4100 Server, Fire X4100m2 Server, Fire X4140 Server, Fire X4150 Server, Fire X4200 Server, Fire X4200m2 Server, Fire X4240 Server, Fire X4250 Server, Fire X4440 Server, Fire X4450 Server, Fire X4500 Server, Fire X4540 Server, Fire X4600 Server, Fire X4600m2 Server, Netra, Netra X4200m2 Server, Netra X4250 Server, Netra X4450, Sparc Enterprise Server T5120, Sparc Enterprise Server T5140, Sparc Enterprise Server T5220, Sparc Enterprise Server T5240, Sparc Enterprise Server T5440

37 products

Integrated Lights Out Manager

Blade 6000 Modular System With Chassis

Blade 6048 Modular System With Chassis

Blade 8000 Modular System

Blade 8000p Modular System

Blade T6320 Server Module

Blade X6220 With Server Module Software

Blade X6250 With Server Module Software

Blade X6450 With Server Module Software

Fire X2250 Server

Fire X4100 Server

Fire X4100m2 Server

Fire X4140 Server

Fire X4150 Server

Fire X4200 Server

Fire X4200m2 Server

Fire X4240 Server

Fire X4250 Server

Fire X4440 Server

Fire X4450 Server

Fire X4500 Server

Fire X4540 Server

Fire X4600 Server

Fire X4600m2 Server

Netra X4200m2 Server

Netra X4250 Server

Sparc Enterprise Server T5120

Sparc Enterprise Server T5140

Sparc Enterprise Server T5220

Sparc Enterprise Server T5240

Sparc Enterprise Server T5440

Configuration A

39 vulnerable

Vulnerable Software	Affected Versions
Sun Integrated Lights Out Manager	All versions
Sun Blade 6000 Modular System With Chassis	Up to 2.0
Sun Blade 6048 Modular System With Chassis	Up to 2.0
Sun Blade 8000 Modular System	Up to 2.1.1
Sun Blade 8000p Modular System	Up to 2.1.1
Sun Blade T6320 Server Module	Up to 7.1.6
Sun Blade X6220 With Server Module Software	Up to 2.0
Sun Blade X6250 With Server Module Software	Up to 2.0
Sun Blade X6450 With Server Module Software	Up to 2.0
Sun Blade X8400	Up to 2.0.2
Sun Blade X8420	Up to 2.0.2
Sun Blade X8440	Up to 2.0.2
Sun Blade X8450	Up to 2.1
Sun Fire X2250 Server	Up to sw_1.1
Sun Fire X4100 Server	Up to sw_1.5.1
Sun Fire X4100m2 Server	Up to sw_2.1
Sun Fire X4140 Server	Up to sw_2.1
Sun Fire X4150 Server	Up to sw_2.0
Sun Fire X4200 Server	Up to sw_1.5.1
Sun Fire X4200m2 Server	Up to sw_2.1
Sun Fire X4240 Server	Up to sw_2.1
Sun Fire X4250 Server	Up to sw_1.1
Sun Fire X4440 Server	Up to sw_2.1
Sun Fire X4450 Server	Up to sw_2.1.0
Sun Fire X4500 Server	Up to sw_1.5
Sun Fire X4540 Server	Up to sw_1.0
Sun Fire X4600 Server	Up to sw_1.4
Sun Fire X4600m2 Server	Up to sw_2.1.2
Sun Netra	Up to t5440_server
Sun Netra	Up to cp3260_atca_blade_server
Sun Netra	Up to t5220_server
Sun Netra X4200m2 Server	Up to sw_2.1
Sun Netra X4250 Server	Up to sw_1.1
Sun Netra X4450	Up to sw_1.1
Sun Sparc Enterprise Server T5120	Up to 7.1.6
Sun Sparc Enterprise Server T5140	Up to 7.1.6
Sun Sparc Enterprise Server T5220	Up to 7.1.6
Sun Sparc Enterprise Server T5240	Up to 7.1.6
Sun Sparc Enterprise Server T5440	Up to 7.1.5b

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (12)

http://secunia.com/advisories/32298

Source: cve@mitre.org

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243486-1

Source: cve@mitre.org

http://www.securityfocus.com/bid/31861

Source: cve@mitre.org

http://www.securitytracker.com/id?1021094

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/2890

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/46023

Source: cve@mitre.org

http://secunia.com/advisories/32298

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-243486-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31861

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021094

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/2890

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/46023

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.