CVE-2022-21524
📋 TL;DR
This vulnerability in Oracle Solaris 11's filesystem component allows authenticated attackers with network access via SMB to cause denial of service (system hangs or crashes) and perform unauthorized data manipulation. It affects Oracle Solaris 11 systems with SMB access enabled, and only low-privilege credentials are required for exploitation.
💻 Affected Systems
- Oracle Solaris
📦 What is this software?
Solaris by Oracle
⚠️ Risk & Real-World Impact
Worst Case
Complete system denial of service (hang or crash) combined with unauthorized data modification and information disclosure, potentially leading to extended downtime and data integrity issues.
Likely Case
System instability or crashes affecting availability, with potential for limited data manipulation by authenticated attackers.
If Mitigated
Minimal impact if SMB access is restricted, proper network segmentation is implemented, and only trusted users have access.
🎯 Exploit Status
Exploitation requires low-privilege credentials and network access via SMB. Oracle describes the vulnerability as 'easily exploitable'.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Oracle's July 2022 Critical Patch Update for specific patch details
Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2022.html
Restart Required: Yes
Instructions:
1. Review Oracle's July 2022 Critical Patch Update advisory.
2. Download and apply the appropriate patches for Oracle Solaris 11.
3. Restart affected systems as required by the patch.
🔧 Temporary Workarounds
Disable SMB access
Solaris: disable SMB file sharing if it is not required for business operations:
svcadm disable smb/server
svcadm disable smb/client
Restrict SMB network access
Solaris: use firewall (ipf) rules to restrict SMB access to trusted networks only, i.e. add rules that block the SMB ports (TCP 445 and 139) from untrusted networks.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Solaris systems with SMB enabled
- Apply principle of least privilege to user accounts with SMB access and monitor for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Check whether the system is running Oracle Solaris 11 and the SMB service is enabled:
svcs -a | grep smb
Check Version:
uname -a ; pkg list entire
Verify Fix Applied:
Verify patch installation via 'pkg list' and check the SMB service status.
📡 Detection & Monitoring
Log Indicators:
- Unusual SMB connection attempts
- System crash/hang events in system logs
- Failed authentication attempts followed by SMB activity
Network Indicators:
- SMB traffic to Solaris systems from unexpected sources
- Multiple SMB sessions from single source
SIEM Query:
source="solaris_logs" AND ("SMB" OR "smb") AND ("crash" OR "hang" OR "denial")
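As an added example (not part of the original advisory, and not Solaris's own log format), the script below runs the network and log indicators listed above over constructed sample records. The record layout "<epoch> <event> src=<ip> [user=<name>]", the event names, the session threshold of 3 and the 300-second window are all assumptions.

```python
"""Detection logic for the SMB indicators above, run over constructed sample lines."""
import re
from collections import defaultdict

# Assumed record format: "<epoch> <event> src=<ip> [user=<name>]" (not a real Solaris log format)
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<event>\S+) src=(?P<src>\S+)(?: user=(?P<user>\S+))?$")

# Constructed sample log; 192.0.2.0/24 is a documentation range, not a real host
SAMPLE_LOG = [
    "1000 smb_session_open src=10.0.0.5 user=alice",
    "1010 smb_session_open src=10.0.0.5 user=alice",
    "1020 auth_failure src=192.0.2.77 user=bob",
    "1030 auth_failure src=192.0.2.77 user=bob",
    "1050 smb_session_open src=192.0.2.77 user=bob",
    "1060 smb_session_open src=192.0.2.77 user=bob",
    "1070 smb_session_open src=192.0.2.77 user=bob",
    "1080 smb_session_open src=192.0.2.77 user=bob",
    "1090 smb_server_hang src=192.0.2.77",
    "1500 smb_session_open src=10.0.0.9 user=carol",
]

def parse(lines):
    """Turn raw lines into dicts; lines that do not match the assumed format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = int(rec["ts"])
            events.append(rec)
    return events

def sessions_per_source(events, threshold=3):
    """Indicator 'multiple SMB sessions from single source': sources above the threshold."""
    counts = defaultdict(int)
    for e in events:
        if e["event"] == "smb_session_open":
            counts[e["src"]] += 1
    return {src: n for src, n in counts.items() if n > threshold}

def failed_auth_then_smb(events, window=300):
    """Indicator 'failed authentication followed by SMB activity' within `window` seconds."""
    failures, hits = defaultdict(list), set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] == "auth_failure":
            failures[e["src"]].append(e["ts"])
        elif e["event"].startswith("smb_") and any(0 <= e["ts"] - t <= window for t in failures[e["src"]]):
            hits.add(e["src"])
    return hits

def smb_crash_events(events):
    """Indicator 'system crash/hang events': records that report an SMB server crash or hang."""
    return [e for e in events if e["event"] in ("smb_server_crash", "smb_server_hang")]
```

Each function returns its findings so they can be fed to a SIEM alert or a ticket rather than only printed.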