CVSS3: 3.9 Low
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

AI Score: 3.9 Low (Confidence: High)

CVSS2: 3.3 Low
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.0004 Low (Percentile: 15.4%)

This Solaris system is missing necessary patches to address a critical security update :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle CPU for jul2021.
#
include('deprecated_nasl_level.inc');
include("compat.inc");
if (description)
{
  script_id(151923);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/21");

  script_cve_id("CVE-2021-2381");
  script_xref(name:"IAVA", value:"2021-A-0345-S");

  script_name(english:"Oracle Solaris Critical Patch Update : jul2021_SRU11_4_34_94_4");
  script_summary(english:"Check for the jul2021 CPU");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Solaris system is missing a security patch from CPU
jul2021."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This Solaris system is missing necessary patches to address a critical
security update :
- Vulnerability in the Oracle Solaris product of Oracle
Systems (component: Kernel). The supported version that
is affected is 11. Easily exploitable vulnerability
allows low privileged attacker with logon to the
infrastructure where Oracle Solaris executes to
compromise Oracle Solaris. Successful attacks require
human interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of
Oracle Solaris accessible data and unauthorized ability
to cause a partial denial of service (partial DOS) of
Oracle Solaris. CVSS 3.1 Base Score 3.9 (Integrity and
Availability impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).
(CVE-2021-2381)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2788472.1"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.oracle.com/a/tech/docs/cpujul2021cvrf.xml"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.oracle.com/security-alerts/cpujul2021.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the jul2021 CPU from the Oracle support website."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-2381");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris");
  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");
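
# Local (credentialed) checks must be enabled and the host must report a Solaris 11 release.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");

# Release string of the fixed SRU, used in the audit message below.
fix_release = "11.4-11.4.34.0.1.94.4";

flag = 0;

# Flag the host when the release check against the fixed SRU returns a positive result.
if (solaris_check_release(release:"11.4-11.4.34.0.1.94.4", sru:"11.4.34.94.4") > 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:solaris_get_report2());
  else security_note(0);
  exit(0);
}
# Not flagged: audit out with the fixed release and the release found on the host.
audit(AUDIT_OS_RELEASE_NOT, "Solaris", fix_release, release);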