CVE-2018-8609
published 2018-11-14

Priority: P259 · high · 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.72% (94.5th percentile)

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | dynamics_365 | >= 8.0 < 8.2.3.0003 | 8.2.3.0003 |
| microsoft | microsoft_dynamics_365 | | |
| msrc | microsoft_dynamics_365_version_8 | | |

Detection & IOCs (extracted from sources)

  • CVE-2018-8609 is exploitable by an authenticated attacker sending a specially crafted web request to an on-premises Microsoft Dynamics 365 (version 8) server; monitor for anomalous or malformed HTTP requests targeting Dynamics 365 endpoints
  • Successful exploitation results in code execution in the context of the SQL service account; alert on unexpected process spawning or outbound connections originating from the SQL service account on Dynamics 365 servers
  • Root cause is insufficient sanitization of web request input on the Dynamics server; inspect web/application logs on Dynamics 365 on-premises servers for unusual or malformed input in web requests
  • Scope is limited to Microsoft Dynamics 365 on-premises version 8 deployments; prioritize patching and monitoring for any on-prem Dynamics 365 v8 instances exposed to authenticated users
  • Exploit status confirmed as not publicly disclosed and not exploited in the wild at time of patch release; no public PoC available
  • Vulnerability only affects Microsoft Dynamics 365 on-premises version 8; cloud/hosted deployments are not in scope
  • Exploitation requires authentication; unauthenticated remote exploitation is not possible

CVSS provenance

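| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_msrc | | 8.8 | CRITICAL | |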