CVE-2020-14871

Description from NVD

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Information Acquisition Date:2021-04-27T10:52Z
CVSS 2.0: 10.0 HIGH CVSS 3.x: 10.0 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://www.oracle.com/security-alerts/cpuoct2020.html
     source:MISC
     tags:Vendor Advisory    
 http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 [oss-security] 20210302 Announce: OpenSSH 8.5 released
     source:MLIST
     tags:Mailing List    Third Party Advisory    

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://www.oracle.com/security-alerts/cpuoct2020.html23
https://ift.tt/38c28j24
https://github.com/hackerhouse-opensource/exploits/blob/mas...4
https://twitter.com/hackerfantastic/status/13234315128224358414
https://hacker.house/lab/cve-2020-18471/3
http://Securitylab.ru3
https://www.fireeye.com/blog/threat-research/2020/11/live-o...3
http://tweetedtimes.com/susession?s=tnp3

Information from Twitter

User URL Info Source Date
StopMalvertisin https://stpmvt.com/3vKtXJN Source StopMalvertisin 1611461241263759368 2023/01/07

List of frequently cited URLs

URLNum of Times Referred to
www.oracle.com23
ift.tt4
github.com4
twitter.com4
hacker.house3
Securitylab.ru3
www.fireeye.com3
tweetedtimes.com3

Information from Twitter

User URL Info Source
StopMalvertisin stpmvt.com Show Tweet
GitHub Search Results: Up to 10
NameURL
robidev/CVE-2020-14871-Exploit https://github.com/robidev/CVE-2020-14871-Exploit
GitHub Search Results: Up to 10
NameURL
robidev/CVE-2020-14871-Exploit github.com
2023/01/07 Score : 1
Added Har-sia Database : 2020/10/21
Last Modified : 2023/01/07
Highest Scored Date : 2020/11/05
Highest Score : 42