CVE-2020-14871 – Oracle / Solaris – Unspecified

CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open source and subsequently shared in the underground. Security researchers claimed the vulnerability was leveraged in an attack. Others claimed the vulnerability was exploited and distributed in the wild since 2014.

Summary:

CVE-2020-14871 is an unspecified vulnerability impacting Oracle Solaris versions 10 and 11. A Metasploit module was observed in open source and subsequently shared in the underground. Security researchers claimed the vulnerability was leveraged in an attack. Others claimed the vulnerability was exploited and distributed in the wild since 2014.

PoC Links(if available):

ZDnet article: Hacker group uses Solaris zero-day to breach corporate networks –
https://www.zdnet.com/article/hacker-group-uses-solaris-zero-day-to-breach-corporate-networks/

Known Counter Measures:

Oracle addressed the vulnerability in their October 2020 Critical Patch Update Advisory.

Links to patches(if available)

https://www.oracle.com/security-alerts/cpuoct2020.html