Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
CVE-2024-26186

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Sql Server 2017 (gdr); Microsoft Sql Server 2019 (gdr); Microsoft Sql Server 2017 (cu 31); Microsoft Sql Server 2022 (gdr)
Vendor: CVE Published:; 10 September 2024

Summary

A vulnerability exists within Microsoft SQL Server that allows for remote code execution. This issue is tied to the Native Scoring feature, potentially enabling attackers to execute arbitrary code on the affected system. This flaw could lead to significant security risks if left unpatched. Organizations utilizing Microsoft SQL Server are advised to implement necessary security measures and update their systems as per vendor guidelines to mitigate risks associated with this vulnerability.

Affected Version(s)

Microsoft SQL Server 2017 (CU 31) x64-based Systems 14.0.0 < 14.0.3475.1

Microsoft SQL Server 2017 (GDR) x64-based Systems 14.0.0 < 14.0.2060.1

Microsoft SQL Server 2019 (CU 28) x64-based Systems 15.0.0 < 15.0.4390.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Feb 14, 2024