CVE-2022-21327 in MySQL Clusterinfo

Summary

by MITRE • 01/19/2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 01/24/2022

The vulnerability identified as CVE-2022-21327 represents a significant security weakness within Oracle MySQL Cluster implementations that affects multiple version branches including 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, and 8.0.27 and earlier. This flaw exists within the Cluster: General component of the MySQL Cluster product line and demonstrates characteristics that align with CWE-284, which addresses improper access control mechanisms. The vulnerability's classification as difficult to exploit indicates that while it requires specific conditions to be leveraged effectively, the potential impact remains severe enough to warrant immediate attention from security practitioners.

The technical nature of this vulnerability stems from insufficient access controls within the MySQL Cluster communication protocols, particularly when the system operates in environments where attackers have physical access to the communication segments connected to the hardware infrastructure. This scenario creates a unique attack vector where an adversary with physical presence on the network segment can potentially compromise the entire cluster environment. The requirement for high privileged access to exploit this vulnerability means that attackers typically need elevated system permissions or administrative credentials, though the attack surface expands when physical network access is available.

From an operational perspective, the successful exploitation of CVE-2022-21327 can lead to complete takeover of the affected MySQL Cluster, resulting in catastrophic consequences for data integrity, confidentiality, and availability. The CVSS 3.1 base score of 6.3 reflects the severity of potential impacts across all three core security principles, with high scores for confidentiality, integrity, and availability implications. The attack vector AV:A indicates that network access is required, while the high access complexity AC:H suggests that specialized knowledge or conditions are necessary for successful exploitation. The human interaction requirement UI:R means that additional personnel involvement is needed for the attack to succeed, potentially indicating social engineering or insider threat components.

The implications of this vulnerability extend beyond simple data compromise to encompass complete system control, making it particularly dangerous for organizations relying on MySQL Cluster for critical database operations. The attack pattern aligns with ATT&CK framework techniques related to privilege escalation and lateral movement, as attackers would need to establish control over the cluster environment to achieve their objectives. Organizations utilizing affected MySQL Cluster versions must consider implementing additional network segmentation measures, enhanced physical security controls, and comprehensive monitoring solutions to detect potential exploitation attempts. The vulnerability demonstrates the critical importance of maintaining up-to-date software versions and implementing robust access control policies, particularly in environments where physical security boundaries may be compromised.

Mitigation strategies should prioritize immediate patching of affected systems to version 7.4.35, 7.5.25, 7.6.21, or 8.0.28 and later, as these releases contain the necessary security fixes. Network-level protections including firewall rules, intrusion detection systems, and monitoring of cluster communication protocols should be implemented to detect anomalous behavior patterns. Physical security measures must also be reinforced to prevent unauthorized access to network segments where MySQL Cluster components operate, as this vulnerability specifically targets environments where such access is possible. Additionally, organizations should conduct comprehensive security assessments to identify all instances of affected MySQL Cluster deployments and implement layered defense approaches that reduce the attack surface while maintaining operational functionality. The vulnerability serves as a reminder of the critical relationship between physical security and network security in database infrastructure environments.

Responsible

Oracle

Reservation

11/15/2021

Disclosure

01/19/2022

Moderation

accepted

CPE

ready

EPSS

0.02795

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!