The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris 10, and OpenSolaris snv_41 through snv_108, on SPARC platforms does not check authorization for guest console access, which allows local control-domain users to gain guest-domain privileges via unknown vectors.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00163
Percentile: 0.37919

CVSS Scoring

Mapped CWE(s)

• CWE-862 : Missing Authorization

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1211 : Exploitation for Defense Evasion
  Kill Chain: defense-evasion
• T1542.002 : Component Firmware
  Kill Chain: persistence
• T1556 : Modify Authentication Process
  Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:o:oracle:opensolaris:*:*:*:*:*:*:sparc:*
• cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:sparc:*

← Back to Home