PT-2020-3262 · Oracle · Oracle Solaris
Larry W. Cashdollar · Published 2020-07-15 · Updated 2020-09-26
CVE-2020-14724
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Solaris version 11
Description
The issue is caused by insufficient input validation in the Device Driver Utility component of Oracle Solaris. Exploitation can affect the confidentiality, integrity, and availability of protected information. The vulnerability is easily exploitable: a low-privileged attacker with logon to the infrastructure where Oracle Solaris is executed can compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Oracle Solaris.
Recommendations
For Oracle Solaris version 11, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Device Driver Utility component until a patch is available.
Fix
Improper Privilege Management
RCE
Related Identifiers
Affected Products
Oracle Solaris