Cyber Resilience

CVE-2020-14871

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 21 October 2020
Modified: 27 October 2025
KEV Added: 03 November 2021
Patch: 03 July 2024
CVSS Score v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.8887 (99.5th percentile)
Risk Priority: 93 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-14871 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Oracle Solaris. Its CVSS base score is 10.0 (Critical).

Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2020-14871 is a buffer overflow vulnerability (CWE-787) in the Pluggable Authentication Module (PAM) component of Oracle Solaris, specifically affecting supported versions 10 and 11. The flaw resides in PAM's handling of authentication data and carries a CVSS 3.1 base score of 10.0 due to its network-accessible, unauthenticated nature and impact on confidentiality, integrity, and availability with changed scope.

An unauthenticated attacker with network access via multiple protocols can exploit the issue to achieve remote takeover of an Oracle Solaris system. While the vulnerability is present in Solaris, successful exploitation can also affect additional products that rely on the affected component. The provided description explicitly states that the issue is not exploitable on Solaris 11.1 and later or ZFSSA 8.7 and later, resulting in a CVSS score of 0.0 for those releases.

Public exploit code demonstrating remote root access against SunSSH on Solaris 10 and 11.0 has been published, confirming practical remote code execution paths through the PAM parse_user_name function. Mitigation requires upgrading to a non-affected release as noted in the vulnerability description.

Vulnerability details

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CWE(s): CWE-787 (Out-of-bounds Write)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

oracle solaris: 9 · 10 — 11.1

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires timely application of vendor patches to eliminate the PAM buffer-overflow flaw before remote exploitation can occur.

prevent: Enforces memory-protection mechanisms that can block or contain the buffer-overflow write in parse_user_name and thereby prevent arbitrary code execution.

prevent: Requires validation of authentication data supplied to PAM, which would have prevented the malformed input that triggers the overflow.
