CVE-2019-3010
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 14, 2018
- Published Date
- October 16, 2019
- Last Updated
- September 30, 2024
- Vendor
- Oracle Corporation
- Product
- Solaris Operating System
- Description
- Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
- Tags
- Exploitation
- active
- Technical Impact
- total
- Exploited in the Wild
- Yes (2022-05-25 00:00:00 UTC) Source
cisa
metasploit_scanner
CVSS Scores
CVSS v3.1
8.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v2.0
4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-05-25 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/local/xscreensaver_log_priv_esc.rb | 2025-04-29 11:01:26 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
xscreensaver_log_priv_esc
Type: metasploit • Created: Unknown
Metasploit module for CVE-2019-3010
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit