A vulnerability, which was classified as critical, was found in Oracle Solaris 10/11 (Operating System). Affected is an unknown part of the component Common Desktop Environment. The manipulation with an unknown input leads to a local privilege escalation vulnerability. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

The weakness was published 04/15/2020 as Oracle Critical Patch Update Advisory - April 2020 as confirmed advisory (Website). The advisory is shared for download at oracle.com. This vulnerability is traded as CVE-2020-2851. The exploitability is told to be difficult. The attack needs to be approached locally. A authentication is necessary for exploitation. There are neither technical details nor an exploit publicly available.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Similar entries are available at 153686, 153290, 153291 and 153293.

Productinfo

Type

• Operating System

Vendor

• Oracle

Name

• Solaris

Version

• 10
• 11

License

• commercial

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion