{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T04:13:59.460","vulnerabilities":[{"cve":{"id":"CVE-2020-14871","sourceIdentifier":"secalert_us@oracle.com","published":"2020-10-21T15:15:24.593","lastModified":"2025-10-27T17:08:23.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."},{"lang":"es","value":"Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Pluggable authentication module). Las versiones compatibles que están afectadas son la 10 y la 11. Una vulnerabilidad explotable fácilmente permite a un atacante no autenticado con acceso a la red por medio de varios protocolos comprometer a Oracle Solaris. Aunque la vulnerabilidad está en Oracle Solaris, los ataques pueden impactar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en la toma de control de Oracle Solaris. CVSS 3.1 Puntuación Base 10.0 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) Nota: Este CVE no es explotable para Solaris 11.1 y versiones posteriores, y ZFSSA 8.7 y versiones posteriores, por lo que la puntuación base del CVSS es 0.0. CVSS 3.1 Puntuación base 10.0 (impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2022-05-03","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","versionStartIncluding":"10","versionEndExcluding":"11.1","matchCriteriaId":"5CAB663F-FA5E-4079-BE85-D0EAFF34E773"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:9:*:*:*:*:*:*:*","matchCriteriaId":"4F864AD7-53A2-4225-870F-062876CE45DD"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html","source":"secalert_us@oracle.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html","source":"secalert_us@oracle.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html","source":"secalert_us@oracle.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2021/03/03/1","source":"secalert_us@oracle.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/3","source":"secalert_us@oracle.com","tags":["Mailing List","Patch"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2021/03/03/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2024/07/03/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14871","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}