CVE-2020-14871
Published: 21 October 2020
Summary
CVE-2020-14871 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Oracle Solaris. Its CVSS base score is 10.0 (Critical).
Operationally, it is ranked in the top 0.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2020-14871 is a buffer overflow vulnerability (CWE-787) in the Pluggable Authentication Module (PAM) component of Oracle Solaris, affecting supported versions 10 and 11. The flaw resides in PAM's handling of authentication data. It carries a CVSS 3.1 base score of 10.0 because it is reachable over the network without authentication, has high impact on confidentiality, integrity, and availability, and changes scope.
An unauthenticated attacker with network access via multiple protocols can exploit the issue to achieve remote takeover of an Oracle Solaris system. While the vulnerability is present in Solaris, successful exploitation can also affect additional products that rely on the affected component. The provided description explicitly states that the issue is not exploitable on Solaris 11.1 and later or ZFSSA 8.7 and later, resulting in a CVSS score of 0.0 for those releases.
Public exploit code demonstrating remote root access against SunSSH on Solaris 10 and 11.0 has been published, confirming practical remote code execution paths through the PAM parse_user_name function. Mitigation requires upgrading to a non-affected release as noted in the vulnerability description.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-7007
Vulnerability details
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of vendor patches to eliminate the PAM buffer-overflow flaw before remote exploitation can occur.
Enforces memory-protection mechanisms that can block or contain the buffer-overflow write in parse_user_name and thereby prevent arbitrary code execution.
Requires validation of authentication data supplied to PAM, which would have prevented the malformed input that triggers the overflow.