Vulnerability in Oracle Solaris NSSwitch Component Affects Multiple Oracle Products
CVE-2023-21900

4MEDIUM

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 18 January 2023

What is CVE-2023-21900?

This vulnerability affects Oracle Solaris, specifically within the NSSwitch component, allowing high privileged attackers with network access to exploit it. Although the attack requires human interaction from an individual other than the attacker, it poses a significant risk to all Oracle Solaris users. Successful exploitation can lead to unauthorized updates, inserts, or deletes of sensitive data and may result in a partial denial of service, hindering system functionality. Affected versions are Oracle Solaris 10 and 11, and the scope of potential impact can extend beyond just this platform.

Affected Version(s)

Solaris Operating System 10

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpujan2023.html

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Dec 17, 2022