CISA KEV 정보
| 취약점명 | Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability |
|---|---|
| 설명 | Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-787 |
| 등록일 (KEV) | 2021-11-03 |
| 조치 기한 | 2022-05-03 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2020-14871 |
NVD 상세 정보
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV:N/AC:L/Au:N/C:C/I:C/A:C설명: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CWE: CWE-787 | CWE-787
참조
- http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html [Exploit, Third Party Advisory, VDB Entry]
- http://www.openwall.com/lists/oss-security/2021/03/03/1 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2024/07/03/3 [Mailing List, Patch]
- https://www.oracle.com/security-alerts/cpuoct2020.html [Vendor Advisory]
- http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html [Exploit, Third Party Advisory, VDB Entry]
- http://www.openwall.com/lists/oss-security/2021/03/03/1 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2024/07/03/3 [Mailing List, Patch]
- https://www.oracle.com/security-alerts/cpuoct2020.html [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.