CVE-2022-21323 in MySQL Clusterinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 01/24/2022

The vulnerability identified as CVE-2022-21323 affects Oracle MySQL Cluster components and represents a significant security concern for database infrastructure. This vulnerability exists within the Cluster: General component of MySQL Cluster and impacts multiple version ranges including 7.5.24 and prior, 7.6.20 and prior, and 8.0.27 and prior versions. The affected systems operate under the assumption that physical network segment access can be leveraged by attackers to compromise cluster integrity, making this a particularly concerning issue for organizations that rely on MySQL Cluster for critical database operations.

The technical nature of this vulnerability requires a specific attack vector that involves an attacker with high privileges and access to the physical communication segment connected to the MySQL Cluster hardware. This constraint places the vulnerability in the context of a man-in-the-middle or physical network compromise scenario rather than a traditional remote exploit. The CVSS score of 2.9 reflects the limited exploitability characteristics, with a high attack complexity rating of H, indicating that successful exploitation requires significant technical expertise and specific conditions. The vulnerability's classification as difficult to exploit means that while the attack is possible, it requires specialized knowledge and circumstances to execute successfully.

The operational impact of this vulnerability manifests in two primary areas: unauthorized read access to a subset of MySQL Cluster accessible data and the ability to cause partial denial of service conditions. The confidentiality impact is rated as low, suggesting that attackers can access only specific data subsets rather than entire databases or systems. However, the availability impact is rated as low as well, indicating partial denial of service rather than complete system compromise. The requirement for human interaction from someone other than the attacker suggests that social engineering or insider threats may be involved in successful exploitation attempts, which adds another layer of complexity to the threat model.

Organizations affected by this vulnerability should consider implementing network segmentation and monitoring to detect unauthorized physical access to network segments. The vulnerability's characteristics align with CWE-284 (Improper Access Control) and may relate to ATT&CK techniques involving network infiltration and privilege escalation. Given the high privilege requirements and physical access needs, defensive measures should focus on physical security controls, network access controls, and monitoring for unusual network activity on segments where MySQL Cluster systems reside. Regular updates and patches should be prioritized to address this vulnerability, particularly in environments where physical security controls may be insufficient or where insider threats are a concern.

The CVSS vector analysis reveals that this vulnerability operates under an attack vector of AV:A (Adjacent Network), which indicates that attackers need to be on the same network segment as the target system. This requirement significantly reduces the attack surface compared to remote exploitation scenarios but does not eliminate the risk entirely. The human interaction requirement of UI:R suggests that successful exploitation may involve social engineering elements or require cooperation from legitimate users within the organization. The unscoped impact rating of S:U indicates that the vulnerability affects the entire system without requiring additional scope expansion, making it particularly dangerous in multi-tenant or shared network environments where multiple systems may be vulnerable to similar physical access attacks.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.01553

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!