• Skip to main content
  • Skip to footer
  • Home
  • About
    • Contact
    • Partners
  • Consulting
    • Virtual Chief Information Officer (vCIO)
    • Virtual Chief Information Security Officer (vCISO)
    • Virtual Chief Infection Prevention Officer (vCIPO)
    • Engagement Paths
  • Services
    • Managed IT Services
    • Technology Acquisition
  • Product Search
  • Blog

Adevonix

October 22, 2020 By adevonix

Solaris 10 & 11 PAM Vulnerability October 2020

Pluggable Authentication Module (PAM) Vulnerability

Oracle Solaris 10 & 11 operating systems have a pretty small market share today compared to other operating systems such as Linux and Microsoft Windows. However, over 50% of Solaris deployments are at medium and large organizations in the United States.

In Oracle’s October 2020 patch update, (CVE-2020-14871) is a level 10 (the highest) critical vulnerability in the pluggable authentication module (PAM) of Oracle Solaris. The flaw is locally and remotely exploitable without user credentials, requires no user interaction, and can be implemented as a “low-complexity” attack. Although there are no currently known published exploits, the low-complexity nature of the vulnerability combined with privilege escalation is why CVE-2020-14871 received the CVE level 10 criticality rating.

If you are a business or government agency that relies on Oracle Solaris for your computational workload, be sure you get this patch applied to your systems as soon as possible.

Linked Information

If you use Oracle VM VirtualBox, the same PAM vulnerability applies as well. Download the latest VirtualBox 6.1.32 from Oracle to address the patch.

The entire 2020 list of Oracle vulnerabilities patched in the October patch update. https://www.oracle.com/security-alerts/cpuoct2020.html

The specifics for Solaris 10/11 in regard to CVE-2020-14871 https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixSUNS

Filed Under: Cybersecurity

Footer

Adevonix LLC

10816 Town Center Blvd
Suite 345
Dunkirk, Maryland 20754
NAICS: 541519
D-U-N-S®: 117037899
CAGE:8B2S2

Member Calvert County Chamber of Commerce
Veteran-Owned Small Business
  • LinkedIn

Copyright © 2019–2025 · Adevonix LLC· Log in