CVE-2018-2754

Name of the Vulnerable Software and Affected Versions Oracle Sun Systems Products Suite version 11.3

Description The issue allows an unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash of Solaris.

Recommendations For version 11.3, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the ZVNET Driver to minimize the risk of unauthorized data modification or system crashes.