There is a fairly trivial Solaris telnet 0-day exploit that will give you root on many Solaris systems with default installs. SANS’ announcement: “If you run Solaris, please check if you got telnet enabled NOW. If you can, block port 23 at your perimeter” The exploit is still pretty scary, and pretty easy to pull off, and I thought the Solaris TTYPROMPT telnet exploit of 2002 was easy. The exploit should be prevented in default install scenarios.”]
Source: https://www.csoonline.com/article/2633094/huge–easy-solaris-telnet-exploit-.html