TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-14871

CRITICALCISA KEV
10.0

Beschreibung

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVE Details

CVSS v3.1 Bewertung10.0
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/21/2020
Zuletzt geandert10/27/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerOracle
ProduktSolaris and Zettabyte File System (ZFS)
SchwachstellennameOracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungUnknown

Betroffene Produkte

oracle:solaris

Schwachen (CWE)

CWE-787CWE-787

Referenzen

http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html(secalert_us@oracle.com)
http://www.openwall.com/lists/oss-security/2021/03/03/1(secalert_us@oracle.com)
http://www.openwall.com/lists/oss-security/2024/07/03/3(secalert_us@oracle.com)
https://www.oracle.com/security-alerts/cpuoct2020.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/03/03/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/07/03/3(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.