ID CVE-2020-14871
Summary Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
References
Vulnerable Configurations
  • cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:sparc:*
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:sparc:*
  • cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:x86:*
    cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:x86:*
  • cpe:2.3:o:oracle:solaris:10:*:*:ko:*:*:sparc:*
    cpe:2.3:o:oracle:solaris:10:*:*:ko:*:*:sparc:*
  • cpe:2.3:o:oracle:solaris:10:*:*:ko:*:*:x86:*
    cpe:2.3:o:oracle:solaris:10:*:*:ko:*:*:x86:*
  • cpe:2.3:o:oracle:solaris:10:*:*:ko:sparc:*:*:*
    cpe:2.3:o:oracle:solaris:10:*:*:ko:sparc:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:th:*:*:sparc:*
    cpe:2.3:o:oracle:solaris:10:*:*:th:*:*:sparc:*
  • cpe:2.3:o:oracle:solaris:10:*:*:th:*:*:x86:*
    cpe:2.3:o:oracle:solaris:10:*:*:th:*:*:x86:*
  • cpe:2.3:o:oracle:solaris:10:*:*:th:sparc:*:*:*
    cpe:2.3:o:oracle:solaris:10:*:*:th:sparc:*:*:*
  • cpe:2.3:o:oracle:solaris:10:*:*:zh:*:*:sparc:*
    cpe:2.3:o:oracle:solaris:10:*:*:zh:*:*:sparc:*
  • cpe:2.3:o:oracle:solaris:10:*:*:zh:*:*:x86:*
    cpe:2.3:o:oracle:solaris:10:*:*:zh:*:*:x86:*
  • cpe:2.3:o:oracle:solaris:10:*:*:zh:sparc:*:*:*
    cpe:2.3:o:oracle:solaris:10:*:*:zh:sparc:*:*:*
  • cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
    cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 03-06-2022 - 18:47)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
misc
saint via4
description Solaris SunSSH libpam buffer overflow
title sunssh_libpam_bo
type remote
Last major update 03-06-2022 - 18:47
Published 21-10-2020 - 15:15
Last modified 03-06-2022 - 18:47
Back to Top