CVE-2019-2541 — Corporation Solaris Operating System vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Solaris Operating System Oracle Solaris

Timeline

PublishedJan 16

Latest updateMay 13

Description

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity a…

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages2 packages

▶NVDoracle/solaris10

▶CVEListV5oracle_corporation/solaris_operating_system10

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-94xh-q293-53qx: Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client)↗2022-05-13

▶

CVEList

CVE-2019-2541: Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client)↗2019-01-16

▶

💬Community

Bugzilla

CVE-2018-16889 ceph: debug logging for v4 auth does not sanitize encryption keys↗2019-01-11

▶