Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

0

CVE-2017-10379

Disclosure Date: October 19, 2017 •

CVE-2017-10379 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

debian,
mariadb,
netapp,
oracle,
redhat

Products

active iq unified manager,
debian linux 8.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 7.0,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 7.0,
mariadb,
mysql,
oncommand balance -,
oncommand insight -,
oncommand performance manager -,
oncommand unified manager,
oncommand workflow automation -,
openstack 12,
snapcenter -

References

Canonical

CVE-2017-10379 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10379)

BID-101415 (http://www.securityfocus.com/bid/101415)

Advisory

DSA-4002 (http://www.debian.org/security/2017/dsa-4002)

https://security.netapp.com/advisory/ntap-20171019-0002

https://access.redhat.com/errata/RHSA-2017:3265

https://access.redhat.com/errata/RHSA-2018:2729

https://access.redhat.com/errata/RHSA-2018:0574

SECTRACK-1039597 (http://www.securitytracker.com/id/1039597)

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:2439

https://access.redhat.com/errata/RHSA-2017:3442

Rapid7

Technical Analysis