TROYANOSYVIRUS
Back to CVEs

CVE-2020-14871

CRITICALCISA KEV
10.0

Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVE Details

CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/21/2020
Last Modified10/27/2025
Sourcekev
Honeypot Sightings0

CISA KEV

VendorOracle
ProductSolaris and Zettabyte File System (ZFS)
Vulnerability NameOracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
KEV Date Added2021-11-03
Remediation Due Date2022-05-03
Ransomware UseUnknown

Affected Products

oracle:solaris

Weaknesses (CWE)

CWE-787CWE-787

References

http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html(secalert_us@oracle.com)
http://www.openwall.com/lists/oss-security/2021/03/03/1(secalert_us@oracle.com)
http://www.openwall.com/lists/oss-security/2024/07/03/3(secalert_us@oracle.com)
https://www.oracle.com/security-alerts/cpuoct2020.html(secalert_us@oracle.com)
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/03/03/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2024/07/03/3(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2020.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.