CVE-2020-14871 - Vulnerability Details

Vendors	Products
Oracle	Solaris

Link	Providers
http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html
http://www.openwall.com/lists/oss-security/2021/03/03/1
http://www.openwall.com/lists/oss-security/2024/07/03/3
https://www.oracle.com/security-alerts/cpuoct2020.html

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-14871", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "dateUpdated": "2024-08-04T13:00:51.576Z", "dateReserved": "2020-06-19T00:00:00", "datePublished": "2020-10-21T14:04:29"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2024-07-03T09:06:08.127123"}, "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "affected": [{"vendor": "Oracle Corporation", "product": "Solaris Operating System", "versions": [{"version": "10", "status": "affected"}, {"version": "11", "status": "affected"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html"}, {"url": "http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html"}, {"url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html"}, {"name": "[oss-security] 20210302 Announce: OpenSSH 8.5 released", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2021/03/03/1"}, {"url": "http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html"}, {"name": "[oss-security] 20240703 Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "affected": [{"vendor": "oracle", "product": "solaris", "cpes": ["cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10", "status": "affected"}]}, {"vendor": "oracle", "product": "solaris", "cpes": ["cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-17T13:40:20.140887Z", "id": "CVE-2020-14871", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14871"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T13:42:44.185Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:00:51.576Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20210302 Announce: OpenSSH 8.5 released", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/03/03/1"}, {"url": "http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20240703 Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/03/03/1", "name": "[oss-security] 20210302 Announce: OpenSSH 8.5 released", "tags": ["mailing-list", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html", "tags": ["x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3", "name": "[oss-security] 20240703 Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:00:51.576Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-14871", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-17T13:40:20.140887Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14871"}}}], "affected": [{"cpes": ["cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "solaris", "versions": [{"status": "affected", "version": "10"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "solaris", "versions": [{"status": "affected", "version": "11"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T13:41:36.917Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Oracle Corporation", "product": "Solaris Operating System", "versions": [{"status": "affected", "version": "10"}, {"status": "affected", "version": "11"}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html"}, {"url": "http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html"}, {"url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html"}, {"url": "http://www.openwall.com/lists/oss-security/2021/03/03/1", "name": "[oss-security] 20210302 Announce: OpenSSH 8.5 released", "tags": ["mailing-list"]}, {"url": "http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/03/3", "name": "[oss-security] 20240703 Re: CVE-2024-6387: RCE in OpenSSH's server, on glibc-based Linux systems", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris."}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2024-07-03T09:06:08.127123"}}}, "cveMetadata": {"cveId": "CVE-2020-14871", "state": "PUBLISHED", "dateUpdated": "2024-08-04T13:00:51.576Z", "dateReserved": "2020-06-19T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2020-10-21T14:04:29", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CAB663F-FA5E-4079-BE85-D0EAFF34E773", "versionEndExcluding": "11.1", "versionStartIncluding": "10", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*", "matchCriteriaId": "4F864AD7-53A2-4225-870F-062876CE45DD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Pluggable authentication module). Las versiones compatibles que est\u00e1n afectadas son la 10 y la 11. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de varios protocolos comprometer a Oracle Solaris. Aunque la vulnerabilidad est\u00e1 en Oracle Solaris, los ataques pueden impactar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Solaris. CVSS 3.1 Puntuaci\u00f3n Base 10.0 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Nota: Este CVE no es explotable para Solaris 11.1 y versiones posteriores, y ZFSSA 8.7 y versiones posteriores, por lo que la puntuaci\u00f3n base del CVSS es 0.0. CVSS 3.1 Puntuaci\u00f3n base 10.0 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}], "id": "CVE-2020-14871", "lastModified": "2024-11-21T05:04:22.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "secalert_us@oracle.com", "type": "Secondary"}]}, "published": "2020-10-21T15:15:24.593", "references": [{"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html"}, {"source": "secalert_us@oracle.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html"}, {"source": "secalert_us@oracle.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html"}, {"source": "secalert_us@oracle.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html"}, {"source": "secalert_us@oracle.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/03/1"}, {"source": "secalert_us@oracle.com", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"}, {"source": "secalert_us@oracle.com", "tags": ["Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/03/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object