CVE-2022-47542
📋 TL;DR
CVE-2022-47542 is an incorrect access control vulnerability in Red Gate SQL Monitor that allows remote attackers to escalate privileges. This affects organizations using SQL Monitor versions 11.0.14 through 12.1.46 for database monitoring and management. Attackers can potentially gain administrative access to the monitoring system.
💻 Affected Systems
- Red Gate SQL Monitor
📦 What is this software?
Sql Monitor by Red Gate
⚠️ Risk & Real-World Impact
Worst Case
Full administrative compromise of SQL Monitor installation, allowing attacker to modify monitoring configurations, access sensitive database credentials, and potentially pivot to monitored database servers.
Likely Case
Unauthorized access to SQL Monitor administrative functions, enabling configuration changes, alert suppression, and access to monitored database performance data.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external access to SQL Monitor interfaces.
🎯 Exploit Status
Requires network access to SQL Monitor interface but authentication bypass allows privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.1.47 and later
Vendor Advisory: https://www.red-gate.com/privacy-and-security/vulnerabilities/2023-01-31-sql-monitor
Restart Required: Yes
Instructions:
1. Download SQL Monitor 12.1.47 or later from Red Gate website.
2. Run the installer to upgrade existing installation.
3. Restart SQL Monitor services after installation completes.
🔧 Temporary Workarounds
Network Segmentation
Platform: all
Restrict network access to SQL Monitor web interface to trusted IP addresses only.
Configure firewall rules to allow only specific source IPs to access SQL Monitor ports (typically 80/443)
Access Control Lists
Platform: windows
Implement strict authentication and authorization controls for SQL Monitor access.
Configure Windows authentication or strong password policies for SQL Monitor users
🧯 If You Can't Patch
- Implement strict network segmentation to isolate SQL Monitor from untrusted networks
- Enable detailed logging and monitoring for unauthorized access attempts to SQL Monitor
🔍 How to Verify
Check if Vulnerable:
Check SQL Monitor version in web interface under Help > About or via Windows Programs and Features.
Check Version:
Check SQL Monitor web interface or examine installed programs list
Verify Fix Applied:
Verify version is 12.1.47 or later and test that unauthorized privilege escalation attempts fail.
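The version check above, applied across an inventory, as an added example that is not part of the original page or Red Gate's tooling. It compares versions numerically, because plain string comparison would misread 12.1.5 as newer than 12.1.47. Assumptions: versions are dotted numeric strings, only major.minor.patch is compared (any further build component is ignored), and the hostnames and versions in the sample are constructed.

```python
import re

# Affected range and fix version as stated on this page.
FIRST_AFFECTED = (11, 0, 14)
LAST_AFFECTED = (12, 1, 46)
FIRST_FIXED = (12, 1, 47)

# major.minor.patch, optionally followed by further numeric build components.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is unparseable."""
    m = _VERSION_RE.match(text or "")
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def classify(version_text):
    """Classify one version string against the range given for CVE-2022-47542."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # needs a manual check via Help > About
    if FIRST_AFFECTED <= v <= LAST_AFFECTED:
        return "affected"
    if v >= FIRST_FIXED:
        return "fixed"
    return "below-affected-range"  # older than the range this page lists


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mon-01": "11.0.14",
    "mon-02": "12.1.46.3021",
    "mon-03": "12.1.47",
    "mon-04": "12.1.5",
    "mon-05": "11.0.9",
    "mon-06": "not recorded",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {SAMPLE_INVENTORY[host]:14} {status}")
```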
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to administrative endpoints
- Privilege escalation events in SQL Monitor logs
- Unexpected user role changes
Network Indicators:
- Unusual traffic patterns to SQL Monitor administrative endpoints
- Requests bypassing normal authentication flows
SIEM Query:
source="sql-monitor-logs" AND (event_type="privilege_escalation" OR user_role_changed="true")