CVE-2018-2892

HIGH

Oracle Solaris <11 - Privilege Escalation

Title source: llm

Description

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in takeover of Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

exploitdb WORKING POC
by mu-b · clocalsolaris
https://www.exploit-db.com/exploits/45126

References (4)

Scores

CVSS v3 7.8
EPSS 0.0152
EPSS Percentile 81.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (2)
oracle/solaris 10.0
oracle/solaris 11.3
Published Jul 18, 2018
Tracked Since Feb 18, 2026