CVE-2022-21324 in MySQL Clusterinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 01/24/2022

The vulnerability identified as CVE-2022-21324 represents a significant security weakness within Oracle MySQL Cluster deployments, specifically affecting versions up to 7.4.34, 7.5.24, 7.6.20, and 8.0.27. This issue falls under the CWE-284 access control weakness category, where improper access controls allow unauthorized parties to gain elevated privileges within the cluster environment. The vulnerability operates at the network level, requiring an attacker to possess physical access to the communication segment connected to the MySQL Cluster hardware, which aligns with the CVSS vector indicating attack vector as adjacent network (AV:A) and high privilege requirements (PR:H). The complexity of exploitation is rated as high (AC:H), suggesting that sophisticated attack techniques are necessary to successfully compromise the system, though this does not prevent potential exploitation by determined adversaries.

The technical flaw stems from inadequate authentication and authorization mechanisms within the MySQL Cluster's communication protocols, particularly in how the system handles network traffic from connected devices. Attackers with physical access to the network segment can potentially intercept communications and manipulate cluster operations, leading to unauthorized data access and service disruption. This vulnerability specifically targets the cluster's general components, indicating that the flaw affects fundamental cluster operations rather than isolated features. The impact assessment reveals that successful exploitation can result in unauthorized read access to a subset of MySQL Cluster accessible data, which corresponds to the confidentiality impact rating of low (C:L) in the CVSS scoring. Additionally, the vulnerability enables attackers to cause partial denial of service conditions, affecting the availability aspect with a low impact rating (A:L). The requirement for human interaction (UI:R) suggests that while the attack itself may be automated, some form of user involvement or system configuration change is necessary to fully exploit the vulnerability.

The operational impact of CVE-2022-21324 extends beyond simple data theft, as it creates opportunities for service disruption that can affect business continuity and operational integrity. Organizations utilizing MySQL Cluster deployments face potential exposure to unauthorized data access, which could include sensitive customer information, financial records, or proprietary business data depending on the specific implementation. The partial denial of service capability means that attackers can disrupt cluster operations without completely taking the system offline, creating ongoing operational challenges that may go unnoticed for extended periods. This vulnerability particularly affects environments where physical security controls are insufficient or where network segmentation is inadequate, as the attack requires access to the same physical communication segment as the target cluster. The low base score of 2.9 reflects the limited scope of damage compared to more severe vulnerabilities, but the combination of confidentiality and availability impacts creates real operational risks for organizations that rely on MySQL Cluster for mission-critical database operations.

Mitigation strategies for CVE-2022-21324 should focus on strengthening both physical and network security controls around MySQL Cluster deployments. Organizations must implement robust network segmentation to isolate cluster communication from general network traffic, ensuring that only authorized devices can access the cluster's communication segment. Physical security measures should be enhanced to prevent unauthorized access to network hardware and communication cables, particularly in environments where the MySQL Cluster operates. Regular security audits should be conducted to verify that proper access controls are in place and that network configurations prevent unauthorized communication with cluster components. Upgrading to supported versions of MySQL Cluster that contain patches for this vulnerability represents the most effective long-term solution, as these updates address the underlying access control flaws that enable exploitation. Network monitoring systems should be configured to detect unusual communication patterns that might indicate exploitation attempts, while implementing strong authentication mechanisms and access controls can help prevent unauthorized access to cluster resources. The vulnerability's classification under ATT&CK technique T1071.004 (Application Layer Protocol: DNS) and T1566 (Phishing) indicates that attackers may leverage social engineering or network-based attacks to gain the necessary physical access or network privileges to exploit the vulnerability effectively.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.01443

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!