Vulnerability Details : CVE-2019-3010
Public exploit exists!
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Products affected by CVE-2019-3010
- cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
CVE-2019-3010 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Oracle Solaris Privilege Escalation Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-3010
Added on
2022-05-25
Action due date
2022-06-15
Exploit prediction scoring system (EPSS) score for CVE-2019-3010
37.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2019-3010
-
Solaris xscreensaver log Privilege Escalation
Disclosure Date: 2019-10-16First seen: 2020-04-26exploit/solaris/local/xscreensaver_log_priv_escThis module exploits a vulnerability in `xscreensaver` versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. `xscreensaver` allows users to create a user-owned file at any location on the filesystem using the `-log`
CVSS scores for CVE-2019-3010
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-09-30 |
|
8.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
2.0
|
6.0
|
NIST |
References for CVE-2019-3010
-
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html
Solaris xscreensaver Privilege Escalation ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://seclists.org/fulldisclosure/2019/Oct/39
Full Disclosure: CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaverMailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Oracle Critical Patch Update - October 2019Patch;Vendor Advisory
Jump to