CVE-2017-3622

HIGH EXPLOITED

Oracle Sun Systems Products Suite <10 - RCE

Title source: llm

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment (CDE)). The supported version that is affected is 10. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3622 is assigned for the "Extremeparr". CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubylocalsolaris

https://www.exploit-db.com/exploits/45479

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Shadow Brokers, Hacker Fantastic, bcoles · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/local/extremeparr_dtappgather_priv_esc.rb

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97774

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038292

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45479/

Scores

CVSS v3 7.8

EPSS 0.1961

EPSS Percentile 95.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2017-06-20

Classification

Status draft

Affected Products (1)

oracle/solaris

Timeline

Published Apr 24, 2017

Tracked Since Feb 18, 2026