← Volver a CVEs
CVE-2019-3010
HIGHCISA KEV8.8
Descripcion
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/16/2019
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorOracle
ProductoSolaris
Nombre vulnerabilidadOracle Solaris Privilege Escalation Vulnerability
Fecha inclusion KEV2022-05-25
Fecha limite remediacion2022-06-15
Uso en ransomwareUnknown
Productos afectados
oracle:solaris
Referencias
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html(secalert_us@oracle.com)
http://seclists.org/fulldisclosure/2019/Oct/39(secalert_us@oracle.com)
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Oct/39(af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3010(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.