⚠ Actively exploited

Added to CISA KEV on 2024-09-18. Federal agencies required to patch by 2024-10-09. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2020-0618 — Deserialization of Untrusted Data in Microsoft SQL Server

CWE-502 — Deserialization of Untrusted Data CWE-20 — Improper Input Validation11 documents11 sources

Severity

8.8HIGHNVD

EPSS

94.3%

top 0.07%

CISA KEV

KEV

Added 2024-09-18

Due 2024-10-09

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft SQL Server Microsoft SQL Server 2014 Service Pack 3 FOR 32-bit Systems Microsoft SQL Server 2014 Service Pack 3 FOR X64-based Systems +2 more

Timeline

PublishedFeb 11

KEV addedSep 18

KEV dueOct 9

CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDmicrosoft/sql_server2012, 2014, 2016+2

▶CVEListV5microsoft/microsoft_sql_server2012 for 32-bit Systems Service Pack 4 (QFE), 2012 for x64-based Systems Service Pack 4 (QFE), 2016 for x64-based Systems Service Pack 2 (CU)+2

▶CVEListV5microsoft/microsoft_sql_server_2014_service_pack_3_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_sql_server_2014_service_pack_3_for_x64-based_systemsunspecified

▶CVEListV5microsoft/microsoft_sql_server_2016_for_x64-based_systems_service_pack_2unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-jcvj-vhj2-vgmw: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL↗2022-05-24

▶

OSV

mailman vulnerabilities↗2020-04-29

▶

CVEList

CVE-2020-0618: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL↗2020-02-11

▶

VulnCheck

Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability↗2020

▶

💥Exploits & PoCs

Exploit-DB

Microsoft SQL Server Reporting Services 2016 - Remote Code Execution↗2020-09-17

▶

Nuclei

Microsoft SQL Server Reporting Services - Remote Code Execution

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)↗2020-02-18

▶

📋Vendor Advisories

CISA

Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability↗2024-09-18

▶

Microsoft

Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability↗2020-02-11

▶