Vulnerability Details : CVE-2020-14871
Public exploit exists!
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVE-2020-14871 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-14871
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-14871
86.31%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-14871
-
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
Disclosure Date: 2020-10-20First seen: 2020-12-17exploit/solaris/ssh/pam_username_bofThis module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in V
CVSS scores for CVE-2020-14871
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
3.9
|
6.0
|
Oracle |
CWE ids for CVE-2020-14871
-
The product writes data past the end, or before the beginning, of the intended buffer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-14871
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020Vendor Advisory
-
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html
Solaris SunSSH 11.0 Remote Root ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html
SunSSH Solaris 10 x86 Remote Root ≈ Packet StormThird Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2024/07/03/3
oss-security - Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systemsMailing List;Patch
-
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2021/03/03/1
oss-security - Announce: OpenSSH 8.5 releasedMailing List;Third Party Advisory
-
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html
Solaris SunSSH 11.0 x86 libpam Remote Root ≈ Packet StormExploit;Third Party Advisory;VDB Entry
Products affected by CVE-2020-14871
- cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*