Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-1999-1432Solaris vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
6.4%
top 8.92%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SUN SolarisSUN Sunos
Timeline
PublishedJul 16
Latest updateApr 30

Description

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDsun/solaris4 versions+3
NVDsun/sunos5.4, 5.5, 5.5.1+2

🔴Vulnerability Details

2
GHSA
GHSA-prwq-fx78-ppf8: Power management (Powermanagement) on Solaris 22022-04-30
CVEList
CVE-1999-1432: Power management (Powermanagement) on Solaris 22002-03-09

💥Exploits & PoCs

1
Exploit-DB
Sun Solaris 2.6 - power management1998-07-16
CVE-1999-1432 — SUN Solaris vulnerability | cvebase