CVE-2020-2572 in MySQL Server
Summary
by MITRE
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/23/2024
The vulnerability identified as CVE-2020-2572 resides within the MySQL Server audit plugin component of Oracle MySQL database systems. This flaw affects specific versions including all 5.7.x releases prior to 5.7.28 and all 8.0.x releases prior to 8.0.18, representing a significant security gap that has persisted across major MySQL releases. The vulnerability is classified as easily exploitable, meaning that attackers with minimal technical expertise can leverage this weakness to compromise affected systems, particularly when they possess high-privilege network access through multiple protocols.
The technical nature of this vulnerability stems from improper access controls within the Server: Audit Plugin component, which is responsible for monitoring and logging database activities. This flaw allows a high-privileged attacker who can establish network connections to the MySQL server to gain unauthorized access to modify database contents through update, insert, or delete operations on specific data sets that the server can access. The vulnerability's CVSS 3.0 score of 2.7 reflects its relatively low severity compared to other database vulnerabilities, but the integrity impact rating of 'L' (low) indicates that successful exploitation could result in data corruption or manipulation, which poses significant risks to database integrity and data consistency.
The operational impact of this vulnerability extends beyond simple data modification, as it represents a critical weakness in MySQL's security architecture that could enable attackers to undermine the trustworthiness of database operations. The fact that this vulnerability requires only high-privileged network access makes it particularly concerning because it suggests that attackers who have already established a foothold within a network environment with elevated privileges could use this flaw to further compromise database integrity. This vulnerability falls under the CWE category of insufficient access control, specifically CWE-284, which addresses improper access control mechanisms in software systems. The attack surface is broad as it affects multiple protocols that MySQL supports, including TCP/IP connections, which are fundamental to database communication.
From an adversarial perspective, this vulnerability aligns with ATT&CK tactics that involve privilege escalation and persistence within database environments. The CVSS vector analysis reveals that the attack requires network access (AV:N) with low complexity (AC:L) and high privileges (PR:H), indicating that while the technical barrier to exploitation is relatively low, attackers must already possess elevated access levels within the network. The absence of user interaction (UI:N) and the lack of scope change (S:U) suggest that the attack does not require additional system compromise or escalation to affect other systems beyond the targeted MySQL instance. Organizations should implement immediate mitigations including upgrading to patched versions of MySQL 5.7.28 or 8.0.18, and potentially implementing additional network segmentation and access controls to limit the potential impact of this vulnerability.