CVE-2020-2944

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

CVSS v3 8.8 HIGH
CVSS v2.0 7.2 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/157280/Common-Desktop-Environment-1.6-Local-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2020/Apr/25	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/04/15/3	Exploit Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:oracle:solaris:10:::::::*
	cpe:2.3:o:oracle:solaris:11:::::::*

History

No history.

Information

Published : 2020-04-15 14:15

Updated : 2022-06-30 19:53

NVD link : CVE-2020-2944

Mitre link : CVE-2020-2944

CVE.ORG link : CVE-2020-2944

JSON object : View

Products Affected

oracle

solaris

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2020-2944", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2020-04-15T14:15:37.030", "references": [{"url": "http://packetstormsecurity.com/files/157280/Common-Desktop-Environment-1.6-Local-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "secalert_us@oracle.com"}, {"url": "http://seclists.org/fulldisclosure/2020/Apr/25", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.openwall.com/lists/oss-security/2020/04/15/3", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "secalert_us@oracle.com"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Common Desktop Environment). Las versiones compatibles que est\u00e1n afectadas son la 10 y la 11. Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado con acceso a la infraestructura donde se ejecuta Oracle Solaris comprometer a Oracle Solaris. Aunque la vulnerabilidad se encuentra en Oracle Solaris, los ataques pueden afectar significativamente a otros productos. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Solaris. CVSS 3.0 Puntuaci\u00f3n Base 8.8 (Impactos de la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."}], "lastModified": "2022-06-30T19:53:45.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC"}, {"criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}