Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

0

CVE-2018-2817

Disclosure Date: April 19, 2018 •

CVE-2018-2817 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

canonical,
debian,
mariadb,
netapp,
oracle,
redhat

Products

active iq unified manager,
debian linux 7.0,
debian linux 8.0,
debian linux 9.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 7.0,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 7.0,
mariadb,
mysql,
oncommand insight -,
oncommand workflow automation -,
openstack 12,
snapcenter -,
ubuntu linux 12.04,
ubuntu linux 14.04,
ubuntu linux 16.04,
ubuntu linux 17.10,
ubuntu linux 18.04

References

Canonical

CVE-2018-2817 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2817)

BID-103818 (http://www.securityfocus.com/bid/103818)

Advisory

DSA-4341 (https://www.debian.org/security/2018/dsa-4341)

SECTRACK-1040698 (http://www.securitytracker.com/id/1040698)

https://access.redhat.com/errata/RHSA-2018:1254

https://security.netapp.com/advisory/ntap-20180419-0002

https://access.redhat.com/errata/RHSA-2018:2729

DSA-4176 (https://www.debian.org/security/2018/dsa-4176)

[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update (https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html)

[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update (https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html)

https://access.redhat.com/errata/RHSA-2018:3655

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://access.redhat.com/errata/RHSA-2018:2439

USN-3629-1 (https://usn.ubuntu.com/3629-1)

USN-3629-2 (https://usn.ubuntu.com/3629-2)

USN-3629-3 (https://usn.ubuntu.com/3629-3)

https://access.redhat.com/errata/RHSA-2019:1258

GLSA-201908-24 (https://security.gentoo.org/glsa/201908-24)

Rapid7

Technical Analysis