Kaspersky LabKLA50361KLA50361 Multiple vulnerabilities in Microsoft SQL Server
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.2%
Detect date:
06/15/2023
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Affected products:
Microsoft ODBC Driver 18 for SQL Server on Linux
Microsoft OLE DB Driver 19 for SQL Server
Microsoft ODBC Driver 17 for SQL Server on MacOS
Microsoft ODBC Driver 18 for SQL Server on MacOS
Microsoft ODBC Driver 18 for SQL Server on Windows
Microsoft SQL Server 2019 for x64-based Systems (CU 21)
Microsoft OLE DB Driver 18 for SQL Server
Microsoft ODBC Driver 17 for SQL Server on Windows
Microsoft SQL Server 2022 for x64-based Systems (CU 5)
Microsoft ODBC Driver 17 for SQL Server on Linux
Solution:
Update to the latest version
Microsoft OLE DB Driver 18 for SQL Server
Microsoft OLE DB Driver 19 for SQL Server
Microsoft ODBC Driver 17 for SQL Server on Windows
Microsoft ODBC Driver 18 for SQL Server on Windows
Original advisories:
CVE-2023-32027
CVE-2023-32025
CVE-2023-29356
CVE-2023-32028
CVE-2023-32026
CVE-2023-29349
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-320277.8Critical
CVE-2023-320257.8Critical
CVE-2023-293567.8Critical
CVE-2023-320287.8Critical
CVE-2023-320267.8Critical
CVE-2023-293497.8Critical
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32027
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32028
learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#download-for-windows
learn.microsoft.com/sql/connect/odbc/download-odbc-driver-for-sql-server#version-17
learn.microsoft.com/sql/connect/oledb/download-oledb-driver-for-sql-server#download
learn.microsoft.com/sql/connect/oledb/release-notes-for-oledb-driver-for-sql-server#1866
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-SQL-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
46.2%