CVE-2024-20999

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20999
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2024.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*
History

17 Mar 2025, 15:15

Type Values Removed Values Added
CWE CWE-250
Information

Published : 2024-04-16 22:15

Updated : 2025-03-17 15:15

NVD link : CVE-2024-20999

Mitre link : CVE-2024-20999

CVE.ORG link : CVE-2024-20999

JSON object : View

Products Affected

oracle

  • solaris
CWE
NVD-CWE-noinfo CWE-250

Execution with Unnecessary Privileges