CVE-2020-14871

Опубликовано: 21 окт. 2020

Источник: nvd

CVSS3: 10

CVSS2: 10

EPSS Высокий

Описание

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Ссылки

http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html
Exploit
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2021/03/03/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/03/3
Mailing List
Patch
https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html
Exploit
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2021/03/03/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/03/3
Mailing List
Patch
https://www.oracle.com/security-alerts/cpuoct2020.html
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*

Версия от 10 (включая) до 11.1 (исключая)

cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.88872

Высокий

10 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-7pcp-8fjh-246q

CVSS3: 10

github

больше 3 лет назад

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

BDU:2020-05303

CVSS3: 10

fstec

больше 5 лет назад

Уязвимость функции parse_user_name() библиотеки libpam подключаемого модуля проверки подлинности Pluggable authentication module операционной системы Solaris, позволяющая нарушителю получить полный контроль над приложением

EPSS

Процентиль: 100%

0.88872

Высокий

10 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-787