Microsoft SQL Server 2014 SP2 12.0.5000.0 through 12.0.5202.0 Privilege Escalation (3194714)

medium Nessus Network Monitor Plugin ID 9813

Synopsis

The remote host is running a version of SQL Server that is vulnerable to a privilege escalation attack vector.

Description

The remote host is running a version of Microsoft SQL Server 2014 SP2 12.0.5000.0 through 12.0.5202.0 and is affected by a flaw in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges.

Solution

Update to SQL Server 2014 SP2 12.0.5203.0 or higher.

See Also

https://technet.microsoft.com/library/security/ms16-136

Plugin Details

Severity: Medium

ID: 9813

Family: Database

Published: 12/12/2016

Updated: 3/6/2019

Nessus ID: 94637

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:X/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server:2014:sp2

Patch Publication Date: 11/8/2016

Vulnerability Publication Date: 11/8/2016

Reference Information

CVE: CVE-2016-7250

BID: 94060