CVE-2022-21287 in MySQL Clusterinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/24/2022

The vulnerability identified as CVE-2022-21287 represents a significant security weakness within Oracle MySQL Cluster implementations that affects multiple version lines including 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. This flaw exists within the Cluster: General component of the MySQL Cluster product, which serves as the foundational architecture for distributed database operations. The vulnerability's classification as difficult to exploit indicates that while the attack vector is not trivial, it remains a serious concern for organizations operating MySQL Cluster environments. The security implications extend beyond simple data compromise, as successful exploitation can result in complete takeover of the MySQL Cluster system, fundamentally undermining the database infrastructure's integrity and operational continuity.

The technical nature of this vulnerability stems from insufficient security controls within the cluster communication mechanisms, particularly when attackers have physical access to the network segment where MySQL Cluster nodes operate. This scenario creates a unique attack surface where an adversary with access to the physical communication segment can leverage their privileged position to compromise the entire cluster infrastructure. The CVSS 3.1 score of 6.3 reflects the moderate to high severity impact across confidentiality, integrity, and availability dimensions, with attack vector classified as adjacent network access (AV:A), high complexity (AC:H), high privileges required (PR:H), and requiring human interaction (UI:R). The unspecified scope (S:U) indicates that the vulnerability affects the same security domain as the target system.

The operational impact of CVE-2022-21287 extends far beyond traditional database security concerns, as it represents a critical failure in the distributed system's security architecture. Organizations relying on MySQL Cluster for mission-critical applications face potential data breaches, service disruptions, and complete system compromise when this vulnerability is exploited. The requirement for human interaction from individuals other than the attacker suggests that social engineering or insider threat scenarios may be particularly relevant, as the attack chain often involves legitimate users who inadvertently facilitate the compromise. This vulnerability directly maps to CWE-284 (Improper Access Control) and aligns with ATT&CK techniques involving privilege escalation and lateral movement within networked environments, specifically targeting the cluster's distributed communication protocols and node-to-node authentication mechanisms.

Organizations should implement immediate mitigations including network segmentation to isolate MySQL Cluster communications from general network traffic, deployment of enhanced monitoring for unusual cluster communication patterns, and implementation of strict access controls for physical network segments. The recommended approach involves upgrading to patched versions of MySQL Cluster, implementing network-level controls to restrict communication between cluster nodes, and establishing comprehensive audit procedures for cluster management activities. Additionally, organizations should consider implementing intrusion detection systems specifically configured to monitor for cluster-specific attack patterns and maintain detailed incident response procedures for potential cluster compromise scenarios. The vulnerability's characteristics align with ATT&CK tactic TA0003 (Persistence) and TA0004 (Privilege Escalation), making comprehensive security posture assessment essential for organizations operating affected MySQL Cluster deployments.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.02686

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!