CVE-2023-21887
Published 2023-01-18
CVE-2023-21887: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily…
Priority: P4 · 33 · medium
CVSS 3.1: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
EPSS: 43.13% (98.6th percentile)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mysql-8.0 | < mysql-8.0 8.0.32-1 (sid) | mysql-8.0 8.0.32-1 (sid) |
| ivanti | connect_secure_and_policy_secure | — | — |
| msrc | cbl2_mysql_8.0.32-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_mysql_8.0.32-1_on_cbl_mariner_1.0 | — | — |
| oracle | mysql | 8.0.0 – 8.0.31 | — |
| oracle_corporation | mysql_server | — | — |
CVSS provenance
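| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 4.9 | MEDIUM | — |
| vendor_debian | — | 4.9 | MEDIUM | — |
| vendor_msrc | — | 4.9 | MEDIUM | — |
| vendor_oracle | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |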
GHSA
GHSA-28xr-rgjv-2mgp: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS)
ghsa_unreviewed·2023-01-18
CVE-2023-21887 [MEDIUM] GHSA-28xr-rgjv-2mgp: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS)
OSV
CVE-2023-21887: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS)
osv·2023-01-18·CVSS 4.9
CVE-2023-21887 [MEDIUM] CVE-2023-21887: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS)
Ivanti
Ivanti Connect Secure and Policy Secure Command Injection
vendor_ivanti·2024-01-10·CVSS 9.1
CVE-2024-21887 [HIGH] Ivanti Connect Secure and Policy Secure Command Injection
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.
CVE IDs: CVE-2024-21887
Affected products: Connect Secure, Policy Secure
This vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Remediation Due Date: 2024-01-22
Known to be used in ransomware camp
Ubuntu
MySQL vulnerabilities
vendor_ubuntu·2023-01-24
CVE-2023-21869 MySQL vulnerabilities
Title: MySQL vulnerabilities
Summary: Several security issues were fixed in MySQL.
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.32 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.41.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-41.html
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
https://www.oracle.com/security-alerts/cpujan2023.html
Instructions: This update uses a new upstream release, which includes additional bug
fixes. I
Red Hat
mysql: Server: GIS unspecified vulnerability (CPU Jan 2023)
vendor_redhat·2023-01-17·CVSS 4.9
CVE-2023-21887 [MEDIUM] mysql: Server: GIS unspecified vulnerability (CPU Jan 2023)
Package: mysql (Red Hat Enterprise Linux 6) - Not affected
Package: mariadb (Red Hat Enterprise Linux 7) - Not affected
Package: mariadb:10.3/mariadb (Red Hat Enterprise Linux 8) - Not affected
Oracle
Oracle Oracle MySQL Risk Matrix: Server: GIS — CVE-2023-21887
vendor_oracle·2023-01-15·CVSS 4.9
CVE-2023-21887 [MEDIUM] Oracle Oracle MySQL Risk Matrix: Server: GIS — CVE-2023-21887
Oracle Oracle MySQL Risk Matrix: Server: GIS vulnerability
CVE: CVE-2023-21887
CVSS: 4.9
Protocol: MySQL Protocol
Remote exploit: No
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
Microsoft
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged
vendor_msrc·2023-01-10·CVSS 4.9
CVE-2023-21887 [MEDIUM] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep
Debian
CVE-2023-21887: mysql-8.0 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GI...
vendor_debian·2023·CVSS 4.9
CVE-2023-21887 [MEDIUM] CVE-2023-21887: mysql-8.0 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GI...
Scope: local
sid: resolved (fixed in 8.0.32-1)
No detection rules found.
No public exploits indexed.
Zscaler
Another CVE (PAN-OS Zero Day) | Zscaler
blogs_zscaler·2024-04-12·CVSS 10.0
[CRITICAL] Another CVE (PAN-OS Zero Day) | Zscaler
Checkpoint
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
blogs_checkpoint·2024-03-08·CVSS 4.9
CVE-2024-21887 [MEDIUM] Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
## Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
## Key Points
Magnet Goblin is a financially motivated threat actor that quickly adopts and leverages 1-day vuln
Volexity
Ivanti Connect Secure VPN Exploitation: New Observations
blogs_volexity·2024-01-18·CVSS 8.2
CVE-2024-21887 [HIGH] Ivanti Connect Secure VPN Exploitation: New Observations
## Ivanti Connect Secure VPN Exploitation: New Observations
January 18, 2024
Matthew Meltzer, Sean Koessel, and Steven Adair
On January 15, 2024, Volexity detailed widespread exploitation of Ivanti Connect Secure VPN vulnerabilities CVE-2024-21887 and CVE-2023-46805. In that blog post, Volexity detailed broader scanning and exploitation by threat actors using still non-public exploits to compromise numerous devices. The following day, January 16, 2024, proof-of-concept code for the exploit was made public. Subsequently, Volexity has observed an increase in attacks from various threat actors against Ivanti Connect Secure VPN appliances beginning the same day.
Additionally, Volexity has continued its investigation into activity conducted by UTA0178 and made a few no
Zscaler
CISO Monthly Roundup, January 2024: Zero day VPN vulnerabilities, DreamBus, ZLoader, Qakbot, and recent security advisories | CXO Revolutionaries
blogs_zscaler·CVSS 4.9
[MEDIUM] CISO Monthly Roundup, January 2024: Zero day VPN vulnerabilities, DreamBus, ZLoader, Qakbot, and recent security advisories | CXO Revolutionaries
## CISO Monthly Roundup, January 2024: Zero day VPN vulnerabilities, DreamBus, ZLoader, Qakbot, and recent security advisories
Deepen Desai
Contributor
Zscaler
## Feb 13, 2024
In the latest edition of the CISO Monthly Roundup we examine recent zero day VPN vulnerabilities and offer threat analysis on DreamBus, ZLoader, and Qakbot. We also take a look at recent security advisories and offer our insights.
The CISO Monthly Roundup provides the latest threat research from the ThreatLabz team, along with CISO insights on other cyber-related subjects. Over the past month ThreatLabz has examined Ivanti VPN vulnerabilities, performed a deep dive on Qakbot, analyzed new DreamBus modules, discovered new Zloader capabilities and addressed relevant security advisories.
## Critica
Zscaler
CISO Monthly Roundup, February 2024: Ivanti VPN exploits, WINELOADER attacks on European diplomats, Pikabot analysis, and Midnight Blizzard campaign | CXO Revolutionaries
blogs_zscaler·CVSS 4.9
[MEDIUM] CISO Monthly Roundup, February 2024: Ivanti VPN exploits, WINELOADER attacks on European diplomats, Pikabot analysis, and Midnight Blizzard campaign | CXO Revolutionaries
## CISO Monthly Roundup, February 2024: Ivanti VPN exploits, WINELOADER attacks on European diplomats, Pikabot analysis, and Midnight Blizzard campaign
Deepen Desai
Contributor
Zscaler
## Mar 11, 2024
The CISO Monthly Roundup provides the latest threat research from the ThreatLabz team, along with CISO insights on cyber-related subjects. Over the past month we helped global organizations respond to the fallout from Ivanti VPN Zero Day exploits, investigated SPIKEDWINE campaign targeting European diplomats, delved into the details of Pikabot, and examined the Midnight Blizzard campaign.
## ThreatLabz Coverage Advisory: Ivanti’s VPN Vulne
Threat Intel
UNC5337
threat_intel·CVSS 8.2
CVE-2023-46805 [HIGH] UNC5337
# Threat Actor: UNC5337
## Description
UNC5337 is a suspected China-nexus espionage actor that compromised Ivanti Connect Secure VPN appliances as early as Jan. 2024. UNC5337 is suspected to exploit CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection) for infecting Ivanti Connect Secure appliances. UNC5337 leveraged multiple custom malware families including the SPAWNSNAIL passive backdoor, SPAWNMOLE tunneler, SPAWNANT installer, and SPAWNSLOTH log tampering utility. Mandiant suspects with medium confidence that UNC5337 is UNC5221.
Published: 2023-01-18