Microsoft SQL Server 2014 SP2 12.0.5000.0 through 12.0.5202.0 Privilege Escalation (3194714)

Medium Nessus Network Monitor Plugin ID 9813

Synopsis

The remote host is running a version of SQL Server that is vulnerable to a privilege escalation attack vector.

Description

The remote host is running a version of Microsoft SQL Server 2014 SP2 12.0.5000.0 through 12.0.5202.0 and is affected by a flaw in the RDBMS engine that is triggered during the handling of pointer casting. This may allow an authenticated attacker to gain elevated privileges.

Solution

Update to SQL Server 2014 SP2 12.0.5203.0 or higher.

See Also

https://technet.microsoft.com/library/security/ms16-136

Plugin Details

Severity: Medium

ID: 9813

File Name: 9813.prm

Family: Database

Published: 2016/12/12

Modified: 2016/12/12

Dependencies: 9511

Nessus ID: 94637

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

CVSSv3

Base Score: 6.2

Temporal Score: 5.9

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:X/RL:O/RC:C

Vulnerability Information

Patch Publication Date: 2016/11/08

Vulnerability Publication Date: 2016/11/08

Reference Information

CVE: CVE-2016-7250

BID: 94060