Vulnerability Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Solaris | >= 10, < 11.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.htThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-RemotExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_userExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2021/03/03/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2024/07/03/3Mailing ListPatch
- https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
- http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.htThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-RemotExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_userExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.htmlExploitThird Party AdvisoryVDB Entry
- http://www.openwall.com/lists/oss-security/2021/03/03/1Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2024/07/03/3Mailing ListPatch
- https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource
FAQ
What is CVE-2020-14871?
CVE-2020-14871 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows ...
How severe is CVE-2020-14871?
CVE-2020-14871 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-14871?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris.