CVE-2020-14871

Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability

Severity Score

10.0

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Pluggable authentication module). Las versiones compatibles que están afectadas son la 10 y la 11. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de varios protocolos comprometer a Oracle Solaris. Aunque la vulnerabilidad está en Oracle Solaris, los ataques pueden impactar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Solaris. CVSS 3.1 Puntuación Base 10.0 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Nota: Este CVE no es explotable para Solaris 11.1 y versiones posteriores, y ZFSSA 8.7 y versiones posteriores, por lo que la puntuación base del CVSS es 0.0. CVSS 3.1 Puntuación base 10.0 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2020-06-19 CVE Reserved
2020-10-20 First Exploit
2020-10-21 CVE Published
2021-11-03 Exploited in Wild
2022-05-03 KEV Due Date
2024-08-04 CVE Updated
2024-08-15 EPSS Updated

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (15)

URL	Tag	Source
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/03/1	Mailing List
http://www.openwall.com/lists/oss-security/2024/07/03/3	Mailing List
https://www.fireeye.com/blog/threat-research/2020/11/critical-buffer-overflow-vulnerability-in-solaris-can-allow-remote-takeover.html
https://hacker.house/lab/cve-2020-18471
https://twitter.com/hackerfantastic/status/1323431512822435841

URL	Date	SRC
https://www.exploit-db.com/exploits/49261	2020-12-15
https://www.exploit-db.com/exploits/49896	2021-05-21
https://www.exploit-db.com/exploits/50039	2021-06-21
https://github.com/robidev/CVE-2020-14871-Exploit	2021-12-25
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html	2024-08-04
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html	2024-08-04
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html	2024-08-04
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/solaris/ssh/pam_username_bof.rb	2020-10-20

URL	Date	SRC

URL	Date	SRC
https://www.oracle.com/security-alerts/cpuoct2020.html	2020-10-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Solaris Search vendor "Oracle" for product "Solaris"				>= 10 < 11.1 Search vendor "Oracle" for product "Solaris" and version " >= 10 < 11.1"		-		Affected
Oracle Search vendor "Oracle"		Solaris Search vendor "Oracle" for product "Solaris"				9 Search vendor "Oracle" for product "Solaris" and version "9"		-		Affected