Unauthenticated Network Vulnerability in Advanced Networking Option of Oracle Database Server
CVE-2021-2018

8.3HIGH

Key Information:

Vendor: Oracle
Status: Advanced Networking Option
Vendor: CVE Published:; 20 January 2021

Summary

A vulnerability exists in the Advanced Networking Option component of Oracle Database Server, affecting versions 18c and 19c. This vulnerability permits an unauthenticated attacker with network access via Oracle Net to potentially compromise the Advanced Networking Option. While the exploitation requires human interaction from a third party, the risks extend beyond this component, posing significant threats to additional products. This vulnerability specifically impacts the Windows platform, highlighting the necessity for prompt security measures to mitigate potential takeover risks.

Affected Version(s)

Advanced Networking Option 18c

Advanced Networking Option 19c

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020