CVE-2020-14818 Vulnerability Details

/ / /

CVE-2020-14818 Metadata Quick Info

CVE Published: 21/10/2020 | CVE Updated: 26/09/2024 | CVE Year: 2020
Source: oracle | Vendor: Oracle Corporation | Product: Solaris Operating System
Status : PUBLISHED

CVE-2020-14818 Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N).

Metrics

CVSS Version: 3.1 | Base Score: 3 LOW
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

l➤ Exploitability Metrics:
Attack Vector (AV)* NETWORK
Attack Complexity (AC)* HIGH
Privileges Required (PR)* LOW
User Interaction (UI)* REQUIRED
Scope (S)* CHANGED

l➤ Impact Metrics:
Confidentiality Impact (C)* NONE
Integrity Impact (I)* LOW
Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Difficult to exploit vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data.
Source: Oracle Corporation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:

Source: NVD (National Vulnerability Database).