Low Privilege Vulnerability in Oracle Solaris Filesystem Component
CVE-2024-20920

3.8LOW

Key Information:

Vendor: Oracle
Status: Solaris Operating System
Vendor: CVE Published:; 16 January 2024

What is CVE-2024-20920?

This vulnerability exists within the Oracle Solaris filesystem component, allowing low privileged attackers who have logged into the affected infrastructure to gain unauthorized read access to certain data within Oracle Solaris. Although the issue is primarily within Oracle Solaris, its exploitation could have broader implications, affecting other associated products. It is crucial for users operating Oracle Solaris 11 to apply the necessary updates to mitigate the risks linked to this vulnerability.

Affected Version(s)

Solaris Operating System 11

References

https://www.oracle.com/security-alerts/cpujan2024.html

vendor-advisory

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2024
Vulnerability Reserved
Dec 7, 2023