Vulnerability CVE-2020-14871

Vulnerability CVE-2020-14871

Published: 2020-10-21

Description:

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

See advisories in our WLB2 database:

	Topic	Author	Date
High	Solaris SunSSH 11.0 x86 libpam Remote Root	Hacker Fantastic	22.05.2021

Type:

NVD-CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Oracle -> Solaris

References:

https://www.oracle.com/security-alerts/cpuoct2020.html

Copyright 2024, cxsecurity.com