TROYANOSYVIRUS
Volver a CVEs

CVE-2020-14871

CRITICALCISA KEV
10.0

Descripcion

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Detalles CVE

Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/21/2020
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorOracle
ProductoSolaris and Zettabyte File System (ZFS)
Nombre vulnerabilidadOracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown

Productos afectados

oracle:solaris

Debilidades (CWE)

CWE-787CWE-787

Referencias

http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html(secalert_us@oracle.com)
http://www.openwall.com/lists/oss-security/2021/03/03/1(secalert_us@oracle.com)
http://www.openwall.com/lists/oss-security/2024/07/03/3(secalert_us@oracle.com)
https://www.oracle.com/security-alerts/cpuoct2020.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/03/03/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/07/03/3(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.