CVE-2024-37980
Improper Privilege Management (CWE-269)
Published: Sep 10, 2024
010
CVSS 8.8EPSS 0.05%High
CVE info copied to clipboard
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability. This is a network-based vulnerability with low attack complexity and requires low privileges to exploit. It does not require user interaction. The vulnerability has a high impact on confidentiality, integrity, and availability, with a CVSS base score of 8.8.
Impact
Successful exploitation could allow an attacker to elevate their privileges within the SQL Server environment, potentially gaining unauthorized access to sensitive data, modifying database contents, or disrupting database services. This vulnerability has a high impact on confidentiality, integrity, and availability.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
A patch is available. Microsoft has released an official fix for this vulnerability on September 10, 2024.
Mitigation
1. Apply the official patch released by Microsoft as soon as possible. 2. Limit network access to SQL Server instances to trusted hosts and networks. 3. Implement the principle of least privilege for SQL Server user accounts. 4. Monitor SQL Server logs for suspicious activities. 5. Keep SQL Server and related systems up-to-date with the latest security patches.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Timeline
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Qualys (380469)
Sep 10, 2024 at 7:53 AM
CVSS
A CVSS base score of 8.8 has been assigned.
Sep 10, 2024 at 4:55 PM / microsoft
First Article
Feedly found the first article mentioning CVE-2024-37980. See article
Sep 10, 2024 at 5:00 PM / Microsoft Security Advisories - MSRC
CVSS Estimate
Feedly estimated the CVSS score as HIGH
Sep 10, 2024 at 5:01 PM
CVE Assignment
NVD published the first details for CVE-2024-37980
Sep 10, 2024 at 5:15 PM
EPSS
EPSS Score was set to: 0.05% (Percentile: 20%)
Sep 11, 2024 at 10:12 AM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (207068)
Sep 12, 2024 at 5:15 PM
Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (207065)
Sep 12, 2024 at 5:15 PM
EPSS
EPSS Score was set to: 0.05% (Percentile: 20.6%)
Nov 19, 2024 at 2:33 PM
Affected Systems
Microsoft/sql_server
+null more
Patches
Microsoft
+null more
Links to Mitre Att&cks
T1548: Abuse Elevation Control Mechanism
+null more
Attack Patterns
CAPEC-122: Privilege Abuse
+null more
News
CVE-2024-37980 Microsoft SQL Server Elevation of Privilege Vulnerability
Vulnerability Summary for the Week of September 9, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source Info Patch Info Siemens–Industrial Edge Management Pro A vulnerability has been identified in Industrial Edge Management Pro (All versions 2024-09-10 10 CVE-2024-45032 productcert@siemens.com SAML-Toolkits–ruby-saml The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in 2024-09-10 10 CVE-2024-45409 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com Baxter–Connex Health Portal In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal’s database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database. 2024-09-09 10 CVE-2024-6795 productsecurity@baxter.com nik00726–video carousel slider with lightbox The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-09-11 9.1 CVE-2019-25212 security@wordfence.com security@wordfence.com security@wordfence.com n/a–n/a Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. 2024-09-10 9.8 CVE-2023-37226 cve@mitre.org cve@mitre.org cve@mitre.org n/a–n/a Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. 2024-09-10 9.8 CVE-2023-37227 cve@mitre.org cve@mitre.org cve@mitre.org n/a–n/a Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. 2024-09-10 9.8 CVE-2023-37231 cve@mitre.org cve@mitre.org cve@mitre.org Simple Online Planning–SO Planning A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system.
September 2024 – Microsoft Patch Tuesday Highlights
Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE) are among the vulnerabilities that Microsoft has addressed in several software products. Updates for vulnerabilities in Microsoft Office and Components, Windows Hyper-V, Windows DHCP Server, Microsoft Streaming Service, Microsoft Management Console, Windows MSHTML Platform, Microsoft Dynamics 365 (on-premises), and other areas are included in the September edition of Microsoft Patch Tuesday.
US-CERT Vulnerability Summary for the Week of September 9, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High : vulnerabilities with a CVSS base score of 7.0–10.0 Medium : vulnerabilities with a CVSS base score of 4.0–6.9 Low : vulnerabilities with a CVSS base score of 0.0–3.9 Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links.
Vulnerability Summary for the Week of September 9, 2024
Vulnerability Summary for the Week of September 9, 2024 aschloder Sep 16, 2024 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source Info Patch Info Siemens--Industrial Edge Management Pro A vulnerability has been identified in Industrial Edge Management Pro (All versions 2024-09-10 10 CVE-2024-45032 productcert@siemens.com SAML-Toolkits--ruby-saml The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in 2024-09-10 10 CVE-2024-45409 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com Baxter--Connex Health Portal In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database. 2024-09-09 10 CVE-2024-6795 productsecurity@baxter.com nik00726--video carousel slider with lightbox The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-09-11 9.1 CVE-2019-25212 security@wordfence.com security@wordfence.com security@wordfence.com n/a--n/a Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. 2024-09-10 9.8 CVE-2023-37226 cve@mitre.org cve@mitre.org cve@mitre.org n/a--n/a Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. 2024-09-10 9.8 CVE-2023-37227 cve@mitre.org cve@mitre.org cve@mitre.org n/a--n/a Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. 2024-09-10 9.8 CVE-2023-37231 cve@mitre.org cve@mitre.org cve@mitre.org Simple Online Planning--SO Planning A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system.
See 36 more articles and social media posts