CVE-2020-14871

CVSS 10.0 · Critical KEV EPSS 88.87% · P100 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-14871

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Oracle Solaris 缓冲区错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Oracle Solaris是美国甲骨文（Oracle）公司的一套UNIX操作系统。 Oracle Solaris 可插入身份验证模块10版本，11版本存在安全漏洞，该漏洞允许未经身份验证攻击者通过多种协议进行网络访问，从而危害Oracle Solaris。尽管此漏洞位于Oracle Solaris中，但攻击可能会严重影响其他产品。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Oracle Corporation	Solaris Operating System	10	-

II. Public POCs for CVE-2020-14871

#	POC Description	Source Link	Shenlong Link
1	This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems libpam library, and exploitable over ssh	https://github.com/robidev/CVE-2020-14871-Exploit	POC Details
2	This is a little Python script to detect the "EvilSun" vulnerability (CVE-2020-14871) on Solaris systems. The vulnerability is a buffer overflow in the Pluggable Authentication Module (PAM) `pam_unix_auth` when handling keyboard-interactive authentication in SSH.	https://github.com/FromPartsUnknown/EvilSunCheck	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-14871

请登录查看更多情报信息。

http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.htmlx_refsource_MISC
http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.htmlx_refsource_MISC
http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
http://packetstormsecurity.com/files/163232/Solaris-SunSSH-11.0-Remote-Root.htmlx_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/03/03/1mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2024/07/03/3mailing-list
https://nvd.nist.gov/vuln/detail/CVE-2020-14871

Same Patch Batch · Oracle Corporation · 2020-10-21 · 160 CVEs total

CVE-2020-14825	9.8 CRITICAL	Oracle WebLogic Server Core 安全漏洞
CVE-2020-14859	9.8 CRITICAL	Oracle WebLogic Server Core 安全漏洞
CVE-2020-14841	9.8 CRITICAL	Oracle WebLogic Server Core 安全漏洞
CVE-2020-14882	9.8 CRITICAL	Oracle WebLogic Server 安全漏洞
CVE-2020-14855	9.8 CRITICAL	Oracle Universal Work Queue 安全漏洞
CVE-2020-14805	9.1 CRITICAL	IBM Oracle E-Business Suite Secure Enterprise Search 安全漏洞
CVE-2020-14876	9.1 CRITICAL	Oracle Trade Management 安全漏洞
CVE-2020-14875	9.1 CRITICAL	Oracle Marketing--Marketing Administration 安全漏洞
CVE-2020-14735	8.8 HIGH	Oracle Database Server Scheduler component 安全漏洞
CVE-2020-14862	8.8 HIGH	Oracle Universal Work Queue 安全漏洞
CVE-2020-14824	8.6 HIGH	Oracle Financial Services Analytical Applications Infrastructure 安全漏洞
CVE-2020-14879	8.5 HIGH	Oracle BI Publisher 安全漏洞
CVE-2020-14880	8.5 HIGH	Oracle BI Publisher 安全漏洞
CVE-2020-14835	8.2 HIGH	Oracle Marketing 安全漏洞
CVE-2020-14808	8.2 HIGH	Oracle Trade Management 安全漏洞
CVE-2020-14857	8.2 HIGH	Oracle E-Business Suite Trade Management product 安全漏洞
CVE-2020-14842	8.2 HIGH	Oracle BI Publisher 安全漏洞
CVE-2020-14833	8.2 HIGH	Oracle Trade Management 授权问题漏洞
CVE-2020-14872	8.2 HIGH	Oracle VM VirtualBox Core 安全漏洞
CVE-2020-14831	8.2 HIGH	Oracle Marketing 授权问题漏洞

Showing top 20 of 160 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Solaris Operating System

Same vendor: Oracle Corporation

V. Comments for CVE-2020-14871

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-14871

I. Basic Information for CVE-2020-14871

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2020-14871

III. Intelligence Information for CVE-2020-14871

Same Patch Batch · Oracle Corporation · 2020-10-21 · 160 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-14871

Leave a comment