Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

High

Attack Vector

Local

0

CVE-2017-10268

Disclosure Date: October 19, 2017 •

CVE-2017-10268 CVSS v3 Base Score: 4.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

4.1 Medium

Impact Score:

3.6

Exploitability Score:

0.5

Vector:

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector (AV):

Local

Attack Complexity (AC):

High

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

None

Vendors

debian,
mariadb,
netapp,
oracle,
redhat

Products

active iq unified manager,
debian linux 8.0,
debian linux 9.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 7.0,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 7.0,
mariadb,
mysql,
oncommand balance -,
oncommand insight -,
oncommand performance manager -,
oncommand unified manager,
oncommand workflow automation -,
openstack 12,
snapcenter -

References

Canonical

CVE-2017-10268 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268)

BID-101390 (http://www.securityfocus.com/bid/101390)

Advisory

DSA-4002 (http://www.debian.org/security/2017/dsa-4002)

DSA-4341 (https://www.debian.org/security/2018/dsa-4341)

https://security.netapp.com/advisory/ntap-20171019-0002

https://access.redhat.com/errata/RHSA-2017:3265

https://access.redhat.com/errata/RHSA-2018:2729

[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update (https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html)

https://access.redhat.com/errata/RHSA-2018:0574

SECTRACK-1039597 (http://www.securitytracker.com/id/1039597)

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

https://access.redhat.com/errata/RHSA-2018:0279

https://access.redhat.com/errata/RHSA-2018:2439

https://access.redhat.com/errata/RHSA-2017:3442

https://access.redhat.com/errata/RHSA-2019:1258

Rapid7

Technical Analysis