CVE-2019-3010

HIGH KEV

Oracle Solaris 11 - RCE

Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Exploits (4)

exploitdb WORKING POC
by Marco Ivaldi · text · local · solaris
https://www.exploit-db.com/exploits/47529
nomisec WORKING POC
by chaizeg · remote
https://github.com/chaizeg/privilege-escalation-breach
vulncheck_xdb WORKING POC
local
https://github.com/0xdea/exploits
metasploit WORKING POC EXCELLENT
by Marco Ivaldi, bcoles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/local/xscreensaver_log_priv_esc.rb

Scores

CVSS v3 8.8
EPSS 0.5019
EPSS Percentile 97.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2022-05-25
VulnCheck KEV 2022-05-25
InTheWild.io 2022-05-25
ENISA EUVD EUVD-2019-12649
Status published
Products (1)
oracle/solaris 11
Published Oct 16, 2019
KEV Added May 25, 2022
Tracked Since Feb 18, 2026