CVE-2024-37341

Microsoft SQL Server Elevation of Privilege Vulnerability

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack::::::::
	cpe:2.3:a:microsoft:sql_server_2016:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2017:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2019:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*
	cpe:2.3:a:microsoft:sql_server_2022:::::::x64:*

History

23 Sep 2024, 16:38

Type	Values Removed	Values Added
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341 - Patch, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 9.8
CWE		NVD-CWE-noinfo
Summary		(es) Vulnerabilidad de elevación de privilegios en Microsoft SQL Server
First Time		Microsoft sql Server 2019 Microsoft sql Server 2016 Microsoft sql Server 2017 Microsoft sql Server 2022 Microsoft Microsoft sql 2016 Azure Connect Feature Pack
CPE		cpe:2.3:a:microsoft:sql_server_2017:::::::x64:* cpe:2.3:a:microsoft:sql_server_2016:::::::x64:* cpe:2.3:a:microsoft:sql_server_2022:::::::x64:* cpe:2.3:a:microsoft:sql_server_2019:::::::x64:* cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack::::::::

10 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 17:15

Updated : 2024-09-23 16:38

NVD link : CVE-2024-37341

Mitre link : CVE-2024-37341

CVE.ORG link : CVE-2024-37341

JSON object : View

Products Affected

microsoft

sql_server_2016
sql_server_2017
sql_server_2019
sql_2016_azure_connect_feature_pack
sql_server_2022

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2024-37341", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secure@microsoft.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-09-10T17:15:18.617", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "secure@microsoft.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Microsoft SQL Server Elevation of Privilege Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft SQL Server"}], "lastModified": "2024-09-23T16:38:24.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_2016_azure_connect_feature_pack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EF3564F-A222-461C-B7B0-7C241CE8A6CA", "versionEndExcluding": "13.0.7040.1", "versionStartIncluding": "13.0.7000.253"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "52804B2D-2D71-41DC-92BC-4B3C086CFE59", "versionEndExcluding": "13.0.6441.1", "versionStartIncluding": "13.0.6300.2"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "092AF402-BDA3-46C2-ADB8-BEA92DF81BA5", "versionEndExcluding": "14.0.2060.1", "versionStartIncluding": "14.0.1000.169"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "6E6AD612-AB64-4454-970E-D868420C6CC6", "versionEndExcluding": "14.0.3475.1", "versionStartIncluding": "14.0.3006.16"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "64D0E7A9-846A-421E-A3E0-E2C0CDACD13C", "versionEndExcluding": "15.0.2120.1", "versionStartIncluding": "15.0.2000.5"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "AF8BBB82-ED5C-4943-A787-EA07536BCFBF", "versionEndExcluding": "15.0.4390.2", "versionStartIncluding": "15.0.4003.23"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "30D1D16A-0B3E-49B4-9DB4-77FC462BA503", "versionEndExcluding": "16.0.1125.1", "versionStartIncluding": "16.0.1000.6"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "matchCriteriaId": "148D362E-101A-4121-9790-B537D02CB114", "versionEndExcluding": "16.0.4140.3", "versionStartIncluding": "16.0.4003.1"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}