CVE-2017-3462

Severity

Theme

CVE-2017-3462

medium

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

References

http://www.debian.org/security/2017/dsa-3834

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html

http://www.securityfocus.com/bid/97851

http://www.securitytracker.com/id/1038287

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886

Details

Source: MITRE

Published: 2017-04-24

Updated: 2019-10-03

Type: NVD-CWE-noinfo

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.5.0 to 5.5.54 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.6.0 to 5.6.35 (inclusive)

cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* versions from 5.7.0 to 5.7.17 (inclusive)

Configuration 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

ID	Name	Product	Family	Severity
106885	GLSA-201802-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
100276	Amazon Linux AMI : mysql55 (ALAS-2017-831)	Nessus	Amazon Linux Local Security Checks	high
100275	Amazon Linux AMI : mysql56 (ALAS-2017-830)	Nessus	Amazon Linux Local Security Checks	high
100039	openSUSE Security Update : mysql-community-server (openSUSE-2017-555) (Riddle)	Nessus	SuSE Local Security Checks	high
99760	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:1137-1) (Riddle)	Nessus	SuSE Local Security Checks	high
99723	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3269-1) (Riddle)	Nessus	Ubuntu Local Security Checks	high
99675	Debian DSA-3834-1 : mysql-5.5 - security update (Riddle)	Nessus	Debian Local Security Checks	high
99673	Debian DLA-916-1 : mysql-5.5 security update (Riddle)	Nessus	Debian Local Security Checks	high
99516	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99515	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99514	MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)	Nessus	Databases	medium
99513	MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU)	Nessus	Databases	medium
99512	MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities (April 2017 CPU) (July 2017 CPU) (Riddle)	Nessus	Databases	medium
99510	MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities (April 2017 CPU) (Riddle)	Nessus	Databases	medium
99497	FreeBSD : MySQL -- multiple vulnerabilities (d9e01c35-2531-11e7-b291-b499baebfeaf) (Riddle)	Nessus	FreeBSD Local Security Checks	high
700064	Oracle MySQL 5.7.x < 5.7.18 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700063	Oracle MySQL 5.6.x < 5.6.36 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700062	Oracle MySQL 5.5.x < 5.5.55 Multiple Vulnerabilities	Nessus Network Monitor	Database	high