CVSS3: 6.1 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CVSS2: 3.3 Low
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.001 Low
Percentile: 33.7%

MySQL for Windows contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files.
CVE-2021-2307
MySQL includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory of /build_area/. On the Windows platform, this path is interpreted as C:\build_area. MySQL contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.
By placing a specially-crafted openssl.cnf in a C:\build_area subdirectory, an unprivileged user may be able to execute arbitrary code with SYSTEM privileges on a Windows system with the vulnerable MySQL software installed.
This vulnerability is addressed in the MySQL Windows installer versions 8.0.24 and 5.7.34.
In cases where an update cannot be installed, this vulnerability can be mitigated by creating a C:\build_area directory and restricting ACLs to prevent unprivileged users from being able to write to this location.
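
One way to apply the mitigation described above, as an added PowerShell example that is not part of the original note. It assumes an elevated session and uses the well-known SIDs for BUILTIN\Administrators and NT AUTHORITY\SYSTEM; the choice of those two principals as the only ones allowed on the directory is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the advisory): pre-create C:\build_area and restrict its ACL
# so that unprivileged users cannot write below it.
$path = 'C:\build_area'   # location named in the advisory

if (Test-Path -LiteralPath $path) {
    # The directory already exists. List its contents with owners before locking it
    # down: anything found here (openssl.cnf in particular) may have been created by
    # an unprivileged user and should be reviewed and removed if unexpected.
    Get-ChildItem -LiteralPath $path -Recurse -Force |
        Select-Object FullName, LastWriteTime,
            @{ Name = 'Owner'; Expression = { (Get-Acl -LiteralPath $_.FullName).Owner } }
} else {
    New-Item -ItemType Directory -Path $path | Out-Null
}

# Well-known SIDs, so the script does not depend on localized group names.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'  # BUILTIN\Administrators
$system = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-18'      # NT AUTHORITY\SYSTEM

$acl = New-Object System.Security.AccessControl.DirectorySecurity
# Protect the DACL: stop inheriting from C:\ and discard the inherited entries,
# which are what allow ordinary users to create files and subdirectories here.
$acl.SetAccessRuleProtection($true, $false)
# An owner can always rewrite the DACL, so take ownership away from whoever
# created the directory.
$acl.SetOwner($admins)

foreach ($sid in $admins, $system) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $path -AclObject $acl

# Verify: only the two principals above should be listed, none of them inherited.
(Get-Acl -LiteralPath $path).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Files and subdirectories that existed before the ACL was applied keep their own owner and any explicit entries, so review or remove the items listed in the first step rather than relying on the new directory ACL alone.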
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
567764
Notified: 2020-11-12 Updated: 2021-04-20
CVE-2021-2307: Affected
We have not received a statement from the vendor.
CVE IDs: CVE-2021-2307
Date Public: 2021-04-20
Date First Published: