CVE-2020-0618 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Microsoft SQL Server, Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU) affects v. Microsoft SQL Server 2012 for 32-bit Systems Service Pack 4 (QFE), 2012 for x64-based Systems Service Pack 4 (QFE), 2016 for x64-based Systems Service Pack 2 (CU) and unknown versions of Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU).
Short Info
Level
High
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
30 sec
Scan only one
Url
Parent Category
CVE-2020-0618 Scanner Detail
Microsoft SQL Server is a relational database management system that is used for storing and retrieving data. It can be used for a wide range of purposes, including managing websites, running business applications, and storing data for analysis. Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU) are all different versions of Microsoft SQL Server that are used for different purposes depending on the needs of the user.
The CVE-2020-0618 vulnerability is a remote code execution (RCE) vulnerability that affects Microsoft SQL Server. This vulnerability occurs when the system incorrectly handles page requests, which can allow an attacker to remotely execute code on the affected SQL Server instance. This vulnerability was discovered by security researchers and reported to Microsoft, who addressed the issue by releasing a patch.
Exploiting this vulnerability can lead to a number of consequences that can be damaging to an organization. For example, an attacker can gain access to sensitive data stored within the database, modify or delete data within the database, and even take control of the entire SQL Server system. These consequences could have serious business implications, such as reputational damage, financial losses, and legal liabilities.
In conclusion, the CVE-2020-0618 vulnerability is a serious threat to organizations using Microsoft SQL Server. It is important to take appropriate precautions to protect against this vulnerability, as well as to regularly audit and monitor the SQL Server system for any signs of suspicious activity. By taking these steps, organizations can ensure the safety and security of their data, as well as their reputation and financial well-being.
REFERENCES
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618
- http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html
- http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html
control security posture