r-commands are running and .rhosts is allowed. CVE not provided for this vulnerability and because of that vendor not supporting with CVE.
From the Solution section of this QID:
In order to solve the issue for Solaris,:- 1. Remove all of the lines that include rhosts_auth.so.1 from the PAM configuration file. 2. Disable the rsh service. Please refer to Oracle Solaris Rhost access for further details.
For Linux:- Remove the rhosts support from the /etc/pam.d/rlogin and /etc/pam.d/rsh on a Linux machine.
Retrieving data ...