CVE-2022-21312 in MySQL Clusterinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 01/24/2022

The vulnerability identified as CVE-2022-21312 represents a significant security weakness within Oracle MySQL Cluster implementations that affects multiple version branches including 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. This vulnerability operates within the Cluster: General component of the MySQL Cluster product suite and demonstrates characteristics that align with CWE-284, which addresses improper access control mechanisms. The flaw specifically targets the physical communication segment where MySQL Cluster operates, requiring an attacker with high privileges and direct access to the hardware's network interface to exploit the weakness effectively.

The technical nature of this vulnerability stems from insufficient access controls that govern communication within the cluster environment. Attackers with access to the physical network segment where cluster nodes reside can potentially compromise the system by leveraging their elevated privileges. The CVSS 3.1 scoring of 2.9 reflects the relatively low complexity required for exploitation, yet the vulnerability requires human interaction from individuals other than the primary attacker, indicating a social engineering or operational compromise element. The attack vector AV:A indicates that physical access to the communication segment is necessary, while the high privilege requirement PR:H suggests that attackers must already possess significant system access rights. The vulnerability's impact is measured through confidentiality and availability concerns, with a low level of impact on integrity as indicated by the CVSS vector.

The operational consequences of successful exploitation include unauthorized read access to a subset of MySQL Cluster accessible data, which represents a data confidentiality breach that could expose sensitive information stored within the cluster environment. Additionally, the vulnerability enables attackers to cause partial denial of service conditions that can disrupt cluster operations and compromise system availability. This dual impact on confidentiality and availability aligns with the attack pattern described in the ATT&CK framework under T1071.004 for Application Layer Protocol: DNS and T1499.004 for Endpoint Denial of Service. The partial DOS capability suggests that while complete system compromise may not be achievable, significant operational disruption can occur, affecting database availability and potentially causing cascading failures within applications dependent on the cluster.

Mitigation strategies should focus on implementing robust network segmentation controls to prevent unauthorized physical access to communication segments where MySQL Cluster nodes operate. Network access control lists and physical security measures must be strengthened to limit access to authorized personnel only. Regular security assessments should validate that proper access controls are maintained and that no unauthorized physical access points exist within the cluster environment. System administrators should implement monitoring solutions that can detect unusual network activity patterns that might indicate exploitation attempts. The vulnerability's requirement for human interaction suggests that social engineering training and access control reviews should be prioritized to prevent unauthorized individuals from gaining the necessary access to exploit the flaw. Organizations should also consider implementing network intrusion detection systems specifically configured to monitor for cluster communication anomalies that could indicate exploitation of this vulnerability.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.01443

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!