CVE-1999-1137
LowExploitation Probability (EPSS)
Low risk32th percentile — higher than 32% of all known CVEs
Summary
Permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device. This could be exploited by an attacker to monitor conversations happening near a machine with a microphone.
Risk Assessment
The organization may be exposed to privacy breaches as local users can eavesdrop on conversations. This poses a risk of confidential information leakage.
Recommendation
It is recommended to restrict permissions for the /dev/audio device to trusted users only and consider upgrading the system to a newer version that does not have this vulnerability.
Original NVD description (English source)
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

