CVE-2017-3651

MEDIUM

Description

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

References

http://rhn.redhat.com/errata/RHSA-2016-2927.html

http://rhn.redhat.com/errata/RHSA-2016-2928.html

http://www.debian.org/security/2017/dsa-3922

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

http://www.securityfocus.com/bid/99802

http://www.securitytracker.com/id/1038928

https://access.redhat.com/errata/RHSA-2017:2192

https://access.redhat.com/errata/RHSA-2017:2787

https://access.redhat.com/errata/RHSA-2017:2886

https://access.redhat.com/errata/RHSA-2018:2439

https://access.redhat.com/errata/RHSA-2018:2729

Details

Source: MITRE

Published: 2017-08-08

Updated: 2018-09-21

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 4

Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (33 total)

ID	Name	Product	Family	Severity
118434	EulerOS Virtualization 2.5.0 : mariadb (EulerOS-SA-2018-1346)	Nessus	Huawei Local Security Checks	medium
118425	EulerOS Virtualization 2.5.1 : mariadb (EulerOS-SA-2018-1337)	Nessus	Huawei Local Security Checks	medium
117746	EulerOS 2.0 SP3 : mariadb (EulerOS-SA-2018-1303)	Nessus	Huawei Local Security Checks	medium
117592	Amazon Linux 2 : mariadb (ALAS-2018-1078)	Nessus	Amazon Linux Local Security Checks	high
112020	CentOS 7 : mariadb (CESA-2018:2439)	Nessus	CentOS Local Security Checks	high
111806	Scientific Linux Security Update : mariadb on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
111802	RHEL 7 : mariadb (RHSA-2018:2439)	Nessus	Red Hat Local Security Checks	high
111800	Oracle Linux 7 : mariadb (ELSA-2018-2439)	Nessus	Oracle Linux Local Security Checks	high
106885	GLSA-201802-04 : MySQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
103008	EulerOS 2.0 SP2 : mariadb (EulerOS-SA-2017-1170)	Nessus	Huawei Local Security Checks	medium
103007	EulerOS 2.0 SP1 : mariadb (EulerOS-SA-2017-1169)	Nessus	Huawei Local Security Checks	medium
102876	Amazon Linux AMI : mysql56 (ALAS-2017-888)	Nessus	Amazon Linux Local Security Checks	medium
102875	Amazon Linux AMI : mysql55 (ALAS-2017-887)	Nessus	Amazon Linux Local Security Checks	medium
102839	SUSE SLES11 Security Update : mysql (SUSE-SU-2017:2290-1)	Nessus	SuSE Local Security Checks	medium
102755	CentOS 7 : mariadb (CESA-2017:2192)	Nessus	CentOS Local Security Checks	medium
700187	Oracle MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700186	Oracle MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
700185	Oracle MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities	Nessus Network Monitor	Database	high
102329	Fedora 26 : community-mysql (2017-ee93493bea)	Nessus	Fedora Local Security Checks	medium
102328	Fedora 25 : community-mysql (2017-7c039552fa)	Nessus	Fedora Local Security Checks	medium
102299	Oracle Linux 7 : mariadb (ELSA-2017-2192)	Nessus	Oracle Linux Local Security Checks	medium
102152	RHEL 7 : mariadb (RHSA-2017:2192)	Nessus	Red Hat Local Security Checks	medium
102056	openSUSE Security Update : mysql-community-server (openSUSE-2017-866)	Nessus	SuSE Local Security Checks	medium
102046	Debian DSA-3922-1 : mysql-5.5 - security update	Nessus	Debian Local Security Checks	medium
102041	Debian DLA-1043-1 : mysql-5.5 security update	Nessus	Debian Local Security Checks	medium
101979	MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101978	MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (RPM Check) (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101977	MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)	Nessus	Databases	medium
101892	Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : mysql-5.5, mysql-5.7 vulnerabilities (USN-3357-1)	Nessus	Ubuntu Local Security Checks	medium
101828	FreeBSD : MySQL -- multiple vulnerabilities (cda2f3c2-6c8b-11e7-867f-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium
101821	MySQL 5.7.x < 5.7.19 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101820	MySQL 5.6.x < 5.6.37 Multiple Vulnerabilities (July 2017 CPU) (October 2017 CPU)	Nessus	Databases	high
101819	MySQL 5.5.x < 5.5.57 Multiple Vulnerabilities (July 2017 CPU)	Nessus	Databases	high