CVE-2022-21335 in MySQL Cluster
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/24/2022
The vulnerability identified as CVE-2022-21335 represents a significant security flaw within Oracle MySQL Cluster implementations that operates at the network communication layer. This vulnerability specifically affects MySQL Cluster components where the attack surface is exposed through physical network segments, making it particularly concerning for environments where network isolation is not properly maintained. The affected versions span across multiple release branches including 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, as well as 8.0.27 and prior versions, indicating a widespread impact across the MySQL Cluster product line. The vulnerability's classification as difficult to exploit suggests that while the attack requires specific conditions, the potential consequences are severe enough to warrant immediate attention from security teams.
The technical nature of this vulnerability stems from insufficient protection mechanisms within the MySQL Cluster's communication protocols, particularly when the system operates in environments where attackers can access the physical communication segment. This creates an opportunity for high-privileged attackers who already possess network-level access to potentially compromise the entire MySQL Cluster infrastructure. The attack requires human interaction from individuals other than the attacker, which suggests that social engineering or insider threat vectors may play a role in successful exploitation, though the primary vector remains network-based access. The CVSS 3.1 scoring of 6.3 reflects the substantial impact across confidentiality, integrity, and availability domains, with the attack vector classified as adjacent network access, attack complexity as high, and requiring high privileges from the attacker. This vulnerability directly aligns with CWE-284 (Improper Access Control) and CWE-310 (Cryptographic Issues) categories, as it represents a failure in access control mechanisms and potentially weak cryptographic protections in network communications.
The operational impact of successful exploitation of CVE-2022-21335 can be devastating for organizations relying on MySQL Cluster for critical data operations. A successful compromise can result in complete takeover of the MySQL Cluster, allowing attackers to gain unauthorized access to all database contents, modify critical data structures, and potentially disrupt business operations through availability attacks. The compromise of MySQL Cluster infrastructure affects not just individual database operations but can cascade into broader system failures, particularly in distributed environments where cluster coordination is essential for maintaining data consistency and availability. Organizations may experience significant data loss, regulatory compliance violations, and reputational damage if such an attack occurs, especially when considering that the vulnerability affects multiple major release versions of MySQL Cluster.
Mitigation strategies for CVE-2022-21335 should focus on both network-level and application-level security controls to reduce the attack surface and prevent exploitation. Network segmentation and proper firewall configurations should be implemented to restrict access to MySQL Cluster communication ports and prevent unauthorized access to the physical network segments where cluster nodes operate. Regular security updates and patches should be deployed immediately upon availability, as this vulnerability affects multiple release versions that require remediation across the supported product line. Access controls should be reviewed and strengthened to ensure that only authorized personnel have access to the physical communication segments, and human interaction requirements should be carefully monitored through security awareness training programs. The ATT&CK framework categorizes this vulnerability under T1046 (Network Service Scanning) and T1190 (Exploit Public-Facing Application) as attackers may need to first identify cluster communication endpoints before attempting exploitation. Additionally, implementing network monitoring solutions that can detect unusual communication patterns and unauthorized access attempts to cluster nodes will provide early warning capabilities. Organizations should also consider implementing database activity monitoring tools that can track access patterns and identify potential compromise indicators, particularly focusing on privilege escalation attempts and unauthorized data access patterns that may indicate successful exploitation of this vulnerability.