4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
53.8%
The version of MariaDB installed on the remote host is prior to 5.5.68. It is, therefore, affected by multiple vulnerabilities as referenced in the mdb-5568-rn advisory.
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
(CVE-2020-2752)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2020-2812)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(138100);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/23");
script_cve_id("CVE-2020-2752", "CVE-2020-2812");
script_name(english:"MariaDB 5.5.0 < 5.5.68 Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of MariaDB installed on the remote host is prior to 5.5.68. It is, therefore, affected by multiple
vulnerabilities as referenced in the mdb-5568-rn advisory.
- Vulnerability in the MySQL Client product of Oracle
MySQL (component: C API). Supported versions that are
affected are 5.6.47 and prior, 5.7.27 and prior and
8.0.17 and prior. Difficult to exploit vulnerability
allows low privileged attacker with network access via
multiple protocols to compromise MySQL Client.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of MySQL Client. CVSS
3.0 Base Score 5.3 (Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
(CVE-2020-2752)
- Vulnerability in the MySQL Server product of Oracle
MySQL (component: Server: Stored Procedure). Supported
versions that are affected are 5.6.47 and prior, 5.7.29
and prior and 8.0.19 and prior. Easily exploitable
vulnerability allows high privileged attacker with
network access via multiple protocols to compromise
MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of MySQL
Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2020-2812)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://mariadb.com/kb/en/mariadb-5-5-68-release-notes");
script_set_attribute(attribute:"solution", value:
"Upgrade to MariaDB version 5.5.68 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-2812");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-2752");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/03");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:mariadb:mariadb");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Databases");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mariadb_nix_installed.nbin", "mariadb_win_installed.nbin", "mysql_version.nasl", "mysql_login.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports("Service/mysql", 3306);
exit(0);
}
include('vcf.inc');
var app_info = vcf::combined_get_app_info(app:'MariaDB');
if (!(app_info.local) && report_paranoia < 2)
audit(AUDIT_POTENTIAL_VULN, 'MariaDB');
vcf::check_all_backporting(app_info:app_info);
var constraints = [
{ 'min_version' : '5.5', 'fixed_version' : '5.5.68' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
53.8%