CVE-2020-14871
Description
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
EPSS (Exploit Prediction Scoring System)
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score Trend (Last 91 Days)
Out-of-bounds Write
DraftCommon Consequences
Applicable Platforms
Solaris SunSSH 11.0 x86 - libpam Remote Root
Solaris SunSSH 11.0 x86 - libpam Remote Root
View Exploit Code →Solaris SunSSH 11.0 x86 - libpam Remote Root …
Solaris SunSSH 11.0 x86 - libpam Remote Root (2)
View Exploit Code →Solaris SunSSH 11.0 x86 - libpam Remote Root …
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
View Exploit Code →Solaris by Oracle
cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*
Solaris by Oracle
cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*