CVE-2022-21311 in MySQL Cluster
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 01/24/2022
The vulnerability identified as CVE-2022-21311 represents a significant security weakness within Oracle MySQL Cluster deployments, specifically affecting versions up to 7.4.34, 7.5.24, 7.6.20, and 8.0.27. This flaw resides in the Cluster: General component of the MySQL Cluster architecture, which serves as the foundational communication layer for distributed database operations. The vulnerability's classification as difficult to exploit indicates that while the attack vector is not trivial, it remains a genuine threat to database security. The attack requires an adversary to possess high privileged access to the physical communication segment connected to the MySQL Cluster hardware, suggesting that the threat actor must already have substantial network-level access or physical presence in the environment where the cluster operates.
The technical nature of this vulnerability stems from insufficient access controls and potential communication protocol weaknesses within the MySQL Cluster's network layer. The CVSS 3.1 score of 2.9 reflects the moderate severity of the threat, with confidentiality and availability impacts rated as low to moderate. The attack vector AV:A indicates that the vulnerability can be exploited through adjacent network access, meaning an attacker needs to be on the same physical network segment as the target system. The high attack complexity AC:H suggests that the exploitation requires significant technical knowledge and resources, while the high privilege requirement PR:H indicates that the attacker must already possess elevated credentials or access rights. The human interaction requirement UI:R suggests that successful exploitation may depend on some form of user action or specific operational conditions that facilitate the attack.
The operational impact of this vulnerability manifests in two primary areas: unauthorized read access to a subset of MySQL Cluster accessible data and the potential to cause partial denial of service. The unauthorized data read access represents a confidentiality breach where attackers can potentially extract sensitive information from the database cluster, though the scope is limited to a subset of accessible data rather than complete database compromise. The partial denial of service capability means that attackers can disrupt cluster operations, affecting availability of database services while not necessarily causing complete system failure. This vulnerability affects the overall integrity of the database cluster's security posture, potentially allowing attackers to gain insights into database operations and data structures without full system compromise.
Security mitigations for CVE-2022-21311 should focus on network segmentation and access control implementation. Organizations should ensure that MySQL Cluster components are isolated within secure network zones with restricted physical access controls. Network access controls should be implemented to limit communication to authorized systems only, reducing the attack surface for adjacent network exploitation. Regular updates and patch management procedures should be enforced to ensure that all MySQL Cluster deployments are updated to versions that address this vulnerability. The ATT&CK framework classification for this vulnerability would likely fall under network infiltration techniques, specifically targeting database communication protocols and access control mechanisms. Organizations should also implement monitoring solutions to detect unusual network activity patterns that might indicate exploitation attempts, particularly around cluster communication ports and protocols. The CWE reference for this type of vulnerability would relate to inadequate access control mechanisms and insufficient network segmentation within distributed database systems, emphasizing the need for robust security controls at the network layer where database cluster communications occur.