Vulnerable versions can be exploited through an InnoDB privileged user account, which allows a high-privileged user account to exploit these vulnerabilities. Exploiting the vulnerability requires the remote user to have SQL privileges; otherwise it cannot be exploited.

Bugtraq ID: 9361
CVSS 3.1 Base Score: 5.6 (Privilege escalation)

Vulnerable Software Versions

If you are using MySQL 8.0 or below, you are vulnerable.

CVSS 3.0 Severity Score and Metrics

Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Availability Impact: HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Remote Exploitable Vulnerability: N/A
Local Exploitable Vulnerability: HIGH (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Known Vulnerabilities

CVE-2017-10267 CVE-2017-10268 CVE-2017-10269 CVE-2017-10

MySQL Database Vulnerabilities

MySQL is vulnerable to CVE-2017-10267, CVE-2017-10268, and CVE-2017-10269. These vulnerabilities allow a low-privileged user account to escalate its privileges to those of a high-privileged user account.
The vulnerabilities can be exploited by a low-privileged user account when the MySQL server does not have the skip-grant option in its configuration file.
Bugtraq ID: 9361

MySQL 8.0 reached end of update support on October 10th, 2018

According to the official statement, MySQL 8.0 reached end of update support on Oct 10th, 2018. The version, which was released in 2016 and is no longer supported by its developers, was found to be vulnerable to a privilege escalation bug that allowed a high-privileged user account to exploit these vulnerabilities.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC
