CVE-2022-21285 in MySQL Clusterinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/24/2022

The vulnerability identified as CVE-2022-21285 represents a significant security flaw within Oracle MySQL Cluster components, specifically affecting versions up to 7.4.34, 7.5.24, 7.6.20, and 8.0.27. This issue falls under the Common Weakness Enumeration category CWE-284, which deals with improper access control mechanisms, and aligns with ATT&CK technique T1068 for local privilege escalation and lateral movement. The vulnerability exists within the Cluster: General component of MySQL Cluster, which serves as the foundational architecture for distributed database operations across multiple nodes.

The technical nature of this vulnerability stems from inadequate security controls that allow attackers with physical access to the communication segment where MySQL Cluster operates to execute compromising actions. The attack vector requires AV:A (Adjacent network) which indicates that an attacker must be positioned on the same physical network segment as the target hardware. The high privilege requirement (PR:H) suggests that the attacker needs elevated access rights, while the human interaction component (UI:R) indicates that successful exploitation requires some form of user involvement beyond the automated attack process. This combination places the vulnerability in a moderate to high severity category with a CVSS base score of 6.3.

The operational impact of this vulnerability extends beyond simple data compromise, as successful exploitation can result in complete takeover of the MySQL Cluster environment. This represents a critical threat to database availability, integrity, and confidentiality as outlined by the CVSS vector components. When an attacker gains control of the cluster, they can potentially access sensitive data, modify database contents, disrupt services, and establish persistent access points within the network infrastructure. The distributed nature of MySQL Cluster makes this particularly dangerous as compromise of a single node can potentially affect the entire cluster configuration.

Organizations affected by this vulnerability should prioritize immediate remediation efforts through patch management procedures, ensuring all supported versions are updated to versions beyond the vulnerable releases. Network segmentation strategies should be implemented to limit physical access to cluster hardware, while monitoring systems should be deployed to detect unusual network activity on segments hosting MySQL Cluster components. The vulnerability demonstrates the importance of layered security approaches, as physical network access combined with elevated privileges creates a dangerous attack surface that requires comprehensive defensive measures including access control reviews, network access controls, and regular security assessments to prevent exploitation.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.02686

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!