10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.086 Low
EPSS
Percentile
94.5%
The remote Microsoft SQL Server is missing a security update. It is, therefore, affected by buffer overflow vulnerability that could allow remote code execution on an affected system.
An attacker who successfully exploited the vulnerability could execute code in the context of the SQL Server Database Engine service account.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(122486);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id("CVE-2018-8273");
script_bugtraq_id(104967);
script_xref(name:"MSFT", value:"MS18-4458842");
script_xref(name:"MSFT", value:"MS18-4293808");
script_xref(name:"MSFT", value:"MS18-4293802");
script_xref(name:"MSFT", value:"MS18-4458621");
script_xref(name:"MSFT", value:"MS18-4293803");
script_xref(name:"MSFT", value:"MS18-4293805");
script_xref(name:"MSKB", value:"4458842");
script_xref(name:"MSKB", value:"4293808");
script_xref(name:"MSKB", value:"4293802");
script_xref(name:"MSKB", value:"4458621");
script_xref(name:"MSKB", value:"4293803");
script_xref(name:"MSKB", value:"4293805");
script_name(english:"Security Updates for Microsoft SQL Server 2016 and 2017 x64 (August 2018) (uncredentialed check)");
script_set_attribute(attribute:"synopsis", value:
"The remote SQL server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote Microsoft SQL Server is missing a security update. It is,
therefore, affected by buffer overflow vulnerability that could allow
remote code execution on an affected system.
An attacker who successfully exploited the vulnerability could execute code
in the context of the SQL Server Database Engine service account.");
# https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8273
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02637930");
# https://support.microsoft.com/en-us/help/4458842/description-of-the-security-update-for-the-remote-code-execution-vulne
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b5296772");
# https://support.microsoft.com/en-us/help/4293808/security-update-for-remote-code-execution-vulnerability-in-sql-server
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ded4707c");
# https://support.microsoft.com/en-us/help/4293802/description-of-the-security-update-for-the-remote-code-execution-vulne
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc2f6328");
# https://support.microsoft.com/en-us/help/4458621/description-of-the-security-update-for-the-remote-code-execution
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ab5e14c");
# https://support.microsoft.com/en-us/help/4293803/description-of-the-security-update-for-the-remote-code-execution-vulne
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0c6a7711");
# https://support.microsoft.com/en-us/help/4293805/security-update-for-remote-code-execution-vulnerability-in-sql-server
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?82d9f22e");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for x64 versions of SQL Server 2016 and 2017.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8273");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/14");
script_set_attribute(attribute:"patch_publication_date", value:"2018/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/28");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("mssqlserver_detect.nasl");
script_require_keys("Settings/ParanoidReport");
script_require_ports(1433, "Services/mssql");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
port = get_service(svc:"mssql", exit_on_fail:TRUE);
instance = get_kb_item("MSSQL/" + port + "/InstanceName");
version = get_kb_item_or_exit("MSSQL/" + port + "/Version");
ver = pregmatch(pattern:"^([0-9.]+)([^0-9]|$)", string:version);
if(!isnull(ver) && !isnull(ver[1])) ver = ver[1];
if (
# 2016 GDR SP1
ver_compare(minver:"13.0.4001.0", ver:ver, fix:"13.0.4224.0", strict:FALSE) < 0 ||
# 2016 CU SP1
ver_compare(minver:"13.0.4411.0", ver:ver, fix:"13.0.4522.0", strict:FALSE) < 0 ||
# 2016 GDR SP2
ver_compare(minver:"13.0.5026.0", ver:ver, fix:"13.0.5081.0", strict:FALSE) < 0 ||
# 2016 CU SP2
ver_compare(minver:"13.0.5149.0", ver:ver, fix:"13.0.5201.0", strict:FALSE) < 0 ||
# 2017 GDR
ver_compare(minver:"14.0.1000.0", ver:ver, fix:"14.0.2002.0", strict:FALSE) < 0 ||
# 2017 CU
ver_compare(minver:"14.0.3006.0", ver:ver, fix:"14.0.3035.0", strict:FALSE) < 0
)
{
report = '';
if(!empty_or_null(version)) report += '\n SQL Server Version : ' + version;
if(!empty_or_null(instance)) report += '\n SQL Server Instance : ' + instance;
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
}
else audit(AUDIT_INST_VER_NOT_VULN, "MSSQL", version);
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | sql_server | cpe:/a:microsoft:sql_server |
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.086 Low
EPSS
Percentile
94.5%