PT-2018-1383 · Oracle · Oracle Solaris

Mu-B · Published 2018-07-17 · Updated 2019-10-03 · CVE-2018-2892

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle Solaris versions 10 and 11.3

Description

The vulnerability is in the Availability Suite Service component of Oracle Solaris and stems from inadequate access control. It can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Solaris is executed, potentially allowing the attacker to compromise Solaris and take over the system. The vulnerability enables an attacker to execute arbitrary code and elevate their privileges.

Recommendations

For Oracle Solaris version 10, update to a version that includes the security patches addressing the access control weaknesses in the Availability Suite Service component. For Oracle Solaris version 11.3, apply the relevant security fixes to mitigate the vulnerability in the Availability Suite Service component. As a temporary workaround, consider restricting access to the Availability Suite Service component until a patch is available.

Exploit

Fix

Improper Access Control


Weakness Enumeration

Related Identifiers

BDU:2018-00928
CVE-2018-2892

Affected Products

Oracle Solaris