CVE-2019-3010
high-risk
Published 2019-10-16
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Do I need to act?
50.2% chance of exploitation in next 30 days
EPSS score — higher than 50% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 · High · LOCAL / LOW complexity
Affected Products (1)
Affected Vendors
References (7)
Mailing List
http://seclists.org/fulldisclosure/2019/Oct/39
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-...
57 / 100
high-risk
Severity: 27/34 · High
Exploitability: 25/34 · High
Exposure: 5/34 · Minimal