← back
CVE-2019-3010

CVE-2019-3010

CVSS 8.8 HIGHEPSS 13.5%● KEV
In short

A flaw in XScreenSaver on Oracle Solaris 11 allows a regular user with access to the system to gain complete control over the operating system. An attacker can exploit this without user interaction, potentially compromising the entire system and any services running on it.

Technical detail

Local privilege escalation vulnerability in XScreenSaver component on Oracle Solaris 11 requiring low privileges and system logon access (AV:L/PR:L/UI:N). Successful exploitation results in complete system compromise with high confidentiality, integrity, and availability impact; scope is changed, allowing lateral impact to connected systems (CVSS 8.8).

Summary generated and translated by AI from the official description.
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Oracle Corporation · Solaris Operating System
public PoCs found3
githubgithub.com/chaizeg/privilege-escalation-breach0cve_referencepacketstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47529unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2019/Oct/39https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3010http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html