CVE-2024-21059

7.8 HIGH

📋 TL;DR

This vulnerability in Oracle Solaris 11 allows a low-privileged local attacker to take over the entire system. The attack requires local access and is difficult to exploit, but a successful exploit can also affect other products running on the same system (a scope change beyond Solaris itself). Only Oracle Solaris 11 systems are affected.

💻 Affected Systems

Products:
  • Oracle Solaris
Versions: 11
Operating Systems: Oracle Solaris
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Oracle Solaris 11. Requires local access with low privileges. Component: Utility.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise: the attacker gains root privileges, accesses all data, modifies system integrity, and disrupts availability of the Solaris system and potentially other products running on it.

🟠 Likely Case

A local attacker with existing low privileges escalates to root, compromising the Solaris system's confidentiality, integrity, and availability.

🟢 If Mitigated

With proper access controls and monitoring, exploitation attempts can be detected and contained before system takeover occurs.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Requires local access with low privileges. Attack is described as 'difficult to exploit' by Oracle. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle's April 2024 Critical Patch Update

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2024.html

Restart Required: Yes

Instructions:

1. Review Oracle's April 2024 Critical Patch Update advisory.
2. Download the appropriate patches for Solaris 11.
3. Apply the patches following Oracle's documentation.
4. Restart affected systems as required.

🔧 Temporary Workarounds

Restrict local access

Limit local user accounts and implement strict access controls to reduce the attack surface:

  • Review and remove unnecessary local accounts
  • Implement role-based access controls
  • Enforce strong authentication for local access

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Monitor system logs for suspicious local privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the system is running Oracle Solaris 11 without the April 2024 Critical Patch Update applied.

Check Version:

uname -a

(Solaris 11 reports its release as 5.11 in the uname output.)

Verify Fix Applied:

Verify that the patches from Oracle's April 2024 CPU are installed (on Solaris 11, "pkg info entire" reports the installed SRU level) and that the system has been restarted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation attempts
  • Suspicious utility execution by low-privileged users
  • Failed authentication attempts followed by successful local access

Network Indicators:

  • N/A - local attack only

SIEM Query:

Search for privilege escalation events or suspicious utility execution by non-admin users on Solaris systems
