Oracle Solaris Zero-Day Attack Revealed (Security News, November 2020)

The vulnerability exists in the Oracle Solaris Pluggable Authentication Module and allows an unauthenticated attacker with network access via multiple protocols to exploit and compromise the operating system.
"In mid-2020, we observed UNC1945 deploy EVILSUN, a remote-exploitation tool containing a zero-day exploit for CVE-2020-14871, on a Solaris 9 server," said researchers with FireEye, in a Monday analysis.
Researchers first observed threat actors gaining access to a Solaris server and installing a backdoor in late 2018.
"To further obfuscate activity, a Linux ELF packer named STEELCORGI was executed in memory on the Solaris system," said researchers.
"UNC1945 targeted Oracle Solaris operating systems, utilized several tools and utilities against Windows and Linux operating systems, loaded and operated custom virtual machines, and employed techniques to evade detection," said researchers.
News URL: https://threatpost.com/oracle-solaris-zero-day-attack/160929/
Related Vulnerability

| Date | CVE | Vulnerability title | Risk |
|---|---|---|---|
| 2020-10-21 | CVE-2020-14871 | Out-of-bounds write vulnerability in Oracle Solaris 10/11/9 (Oracle Systems product Oracle Solaris, component: Pluggable Authentication Module) | 0.0 |