CVE-2024-12746

8.0 HIGH

📋 TL;DR

This SQL injection vulnerability in the Amazon Redshift ODBC Driver allows attackers to execute arbitrary SQL commands through the SQLTables or SQLColumns Metadata APIs, potentially leading to privilege escalation. It affects users of the Amazon Redshift ODBC Driver version 2.1.5.0 on both Windows and Linux systems.

💻 Affected Systems

Products:
  • Amazon Redshift ODBC Driver
Versions: 2.1.5.0 only
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects version 2.1.5.0; versions 2.1.4.0 and earlier, and 2.1.6.0 and later are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full database compromise including data exfiltration, privilege escalation to administrative access, and potential lateral movement to other systems.

🟠 Likely Case: Unauthorized data access, privilege escalation within the Redshift database, and potential data manipulation.

🟢 If Mitigated: Limited impact with proper network segmentation, least privilege access controls, and monitoring in place.

🌐 Internet-Facing: MEDIUM - While the driver itself isn't typically internet-facing, applications using it might be exposed.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this to escalate privileges and access sensitive data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access to the ODBC driver, but SQL injection vulnerabilities are typically easy to exploit once discovered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.6.0

Vendor Advisory: https://aws.amazon.com/security/security-bulletins/AWS-2024-015/

Restart Required: Yes

Instructions:

1. Download version 2.1.6.0 from the official AWS repository.
2. Uninstall the current ODBC driver.
3. Install the new version.
4. Restart any applications using the driver.

🔧 Temporary Workarounds

Revert to previous version (all platforms)

Downgrade to version 2.1.4.0, which is not affected by this vulnerability. Download and install version 2.1.4.0 from the AWS repository.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in applications using the ODBC driver
  • Apply network segmentation to limit access to systems using the vulnerable driver

🔍 How to Verify

Check if Vulnerable:

Check the ODBC driver version in system settings, or with odbcinst -q -d on Linux.

Check Version:

Run odbcinst -q -d (Linux) or open the ODBC Data Source Administrator (Windows).

Verify Fix Applied:

Verify that the driver version shows 2.1.6.0 (after update) or 2.1.4.0 (after downgrade).

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries through ODBC driver
  • Multiple failed authentication attempts followed by successful connection
  • Unexpected privilege escalation events

Network Indicators:

  • Unusual database query patterns from ODBC connections
  • Multiple metadata API calls in short timeframes

SIEM Query:

source="redshift_odbc" AND (query="SQLTables" OR query="SQLColumns") AND query CONTAINS suspicious_patterns
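The log and network indicators above, worked through as an added detection example that is not part of this advisory: it scans constructed log lines (the line format, field names, marker list and thresholds are all assumptions) for SQLTables/SQLColumns arguments containing SQL metacharacters and for bursts of metadata API calls from one session.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real product output): one metadata API call per line,
# with the catalog/schema/table argument the application passed to the ODBC call.
SAMPLE_LOG = """\
2024-12-01T10:00:01Z session=7 api=SQLTables arg=public
2024-12-01T10:00:02Z session=7 api=SQLColumns arg=orders
2024-12-01T10:00:03Z session=9 api=SQLColumns arg=orders'; -- x
2024-12-01T10:00:04Z session=9 api=SQLTables arg=public
2024-12-01T10:00:05Z session=9 api=SQLTables arg=public
2024-12-01T10:00:06Z session=9 api=SQLColumns arg=users
2024-12-01T10:00:07Z session=9 api=SQLColumns arg=events
2024-12-01T10:01:30Z session=7 api=SQLColumns arg=customers
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) session=(?P<sid>\d+) api=(?P<api>\w+) arg=(?P<arg>.*)$")
METADATA_APIS = {"SQLTables", "SQLColumns"}
# Assumed markers: a plain identifier supplied by an application should contain none of these.
INJECTION_MARKERS = ("'", ";", "--", "/*", "*/")

def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                   "sid": m["sid"], "api": m["api"], "arg": m["arg"]}

def find_suspicious(log, burst_limit=4, window=timedelta(seconds=60)):
    """Return (sessions whose metadata arguments carry SQL markers,
    sessions issuing more than burst_limit metadata calls inside one window)."""
    marker_hits, bursts, calls = set(), set(), defaultdict(list)
    for ev in parse(log):
        if ev["api"] not in METADATA_APIS:
            continue
        if any(mk in ev["arg"] for mk in INJECTION_MARKERS):
            marker_hits.add(ev["sid"])
        calls[ev["sid"]].append(ev["ts"])
    for sid, times in calls.items():
        times.sort()
        start = 0                      # sliding window over this session's call times
        for i, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if i - start + 1 > burst_limit:
                bursts.add(sid)
                break
    return marker_hits, bursts

if __name__ == "__main__":
    print(find_suspicious(SAMPLE_LOG))  # prints ({'9'}, {'9'})
```

Session 9 trips both rules: its first argument carries a quote and a comment marker, and it issues five metadata calls in five seconds.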
