CVE-2022-21310 in MySQL Cluster
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/24/2022
The vulnerability identified as CVE-2022-21310 represents a significant security flaw within Oracle MySQL Cluster implementations, specifically affecting multiple version branches including 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. This vulnerability resides within the Cluster: General component of the MySQL Cluster product, indicating a fundamental weakness in the core clustering functionality that governs distributed database operations. The affected versions span several major release lines, suggesting this represents a persistent architectural issue rather than a temporary coding oversight.
The technical nature of this vulnerability stems from insufficient security controls that allow an attacker with physical access to the communication segment connected to MySQL Cluster hardware to potentially compromise the entire cluster infrastructure. This attack vector requires the attacker to have high privilege access to the physical communication segment, which typically implies access to network infrastructure elements such as switches, routers, or direct physical connections to the hardware. The vulnerability's classification as difficult to exploit indicates that while the attack path exists, it requires specific conditions and expertise to successfully execute, making it less likely to be exploited by casual threat actors but still concerning for organizations with robust security postures.
From an operational impact perspective, successful exploitation of this vulnerability can result in complete takeover of the MySQL Cluster, which represents a catastrophic outcome for database security and availability. The CVSS 3.1 base score of 6.3 indicates a medium severity vulnerability that affects confidentiality, integrity, and availability simultaneously, meaning that an attacker could potentially exfiltrate sensitive data, modify database contents, or disrupt cluster operations entirely. The attack requires human interaction from someone other than the attacker, suggesting that social engineering or insider threats may play a role in successful exploitation, though the primary attack vector remains network-level compromise of the physical communication segment.
The vulnerability aligns with CWE-284 (Improper Access Control) and represents a classic example of inadequate network segmentation or physical security controls in distributed database environments. This weakness enables attackers to potentially perform privilege escalation or lateral movement within the cluster infrastructure, particularly when combined with other attack techniques that might be employed through the same physical network segment. Organizations implementing MySQL Cluster should consider this vulnerability in the context of ATT&CK framework's T1046 (Network Service Scanning) and T1071.004 (Application Layer Protocol: DNS) techniques, as the attack may involve reconnaissance activities targeting cluster communication protocols.
Mitigation strategies should focus on strengthening physical network security controls, implementing proper network segmentation between cluster communication segments and general network infrastructure, and ensuring that only authorized personnel have access to the physical communication segments. Organizations should also consider implementing additional monitoring and detection capabilities that can identify unusual network traffic patterns or unauthorized access attempts on cluster communication channels. The recommended approach includes upgrading to supported versions that contain patches for this vulnerability, implementing network access controls, and establishing robust physical security measures around database infrastructure. Regular security assessments and penetration testing should be conducted to identify and remediate similar vulnerabilities in the broader network infrastructure that could potentially enable similar attacks against database clusters.