CVE-2017-3632

high-risk

Published 2017-08-08

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: CDE Calendar). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3632 is assigned to the "EASYSTREET" vulnerability. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Do I need to act?

10.3% chance of exploitation in next 30 days

EPSS score — higher than 90% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Solaris

Affected Vendors

Oracle

References (6)

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Third Party Advisory http://www.securityfocus.com/bid/99857

Third Party Advisory http://www.securitytracker.com/id/1038938

Patch http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Third Party Advisory http://www.securityfocus.com/bid/99857

Third Party Advisory http://www.securitytracker.com/id/1038938

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 11/34 · Low

Exposure 7/34 · Low