Kaspersky LabKLA51718KLA51718 Multiple vulnerabilities in Microsoft SQL Server
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.4%
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2023-38169 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Microsoft ODBC Driver 18 for SQL Server on WindowsMicrosoft OLE DB Driver 19 for SQL ServerMicrosoft OLE DB Driver 18 for SQL ServerMicrosoft ODBC Driver 18 for SQL Server on MacOSMicrosoft ODBC Driver 17 for SQL Server on LinuxMicrosoft SQL Server 2019 for x64-based Systems (CU 21)Microsoft SQL Server 2022 for x64-based Systems (CU 5)Microsoft ODBC Driver 18 for SQL Server on LinuxMicrosoft ODBC Driver 17 for SQL Server on WindowsMicrosoft ODBC Driver 17 for SQL Server on MacOS
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.4%