CVE-2022-21356 in MySQL Cluster
Summary
by MITRE • 01/19/2022
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/24/2022
The vulnerability identified as CVE-2022-21356 represents a significant security flaw within Oracle MySQL Cluster's implementation that operates under the Cluster: General component. This vulnerability affects multiple version ranges including 7.4.34 and earlier, 7.5.24 and earlier, 7.6.20 and earlier, as well as 8.0.27 and prior versions of the MySQL Cluster software. The affected systems are particularly susceptible due to their exposure to physical communication segments where the cluster operates, creating a specific attack surface that adversaries can exploit. The vulnerability's classification as difficult to exploit indicates that while it requires specific conditions, the potential impact is severe enough to warrant immediate attention from security teams.
The technical nature of this vulnerability stems from insufficient security controls within the MySQL Cluster's communication protocols, allowing attackers with high privileges on the physical network segment to compromise the entire cluster infrastructure. The attack vector requires AV:A (Adjacent network) access, meaning an attacker must be physically present on the same network segment as the target system. This places the vulnerability in the context of a man-in-the-middle attack scenario where network-level access provides the foundation for exploitation. The high privilege requirement PR:H (High) indicates that attackers need elevated access rights on the network segment itself, which typically involves either physical access to network equipment or legitimate administrative credentials.
The operational impact of successful exploitation can result in complete takeover of the MySQL Cluster, which represents a catastrophic failure for database security and availability. The CVSS 3.1 Base Score of 6.3 reflects the severity across three critical impact areas: confidentiality, integrity, and availability. This means that successful attacks could lead to unauthorized data access, data corruption, and complete service disruption. The human interaction requirement UI:R (Required) suggests that while the technical exploitation is possible, it still requires some form of social engineering or cooperation from legitimate users within the network environment, making the attack more sophisticated but not impossible. The vulnerability's potential for complete cluster compromise aligns with CWE-284 (Improper Access Control) and CWE-310 (Cryptographic Issues) categories, which are fundamental to database security architecture.
From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and lateral movement within network segments, particularly through network infiltration and access control bypass methods. The requirement for physical network access places it in the context of initial access and persistence phases of the attack lifecycle. Organizations should implement network segmentation strategies to isolate MySQL Cluster components from general network traffic, as well as deploy network monitoring solutions to detect anomalous communication patterns that might indicate exploitation attempts. The vulnerability's impact on availability, confidentiality, and integrity makes it particularly dangerous in environments where database systems serve as critical infrastructure components for business operations.
Mitigation strategies should include immediate patching of affected versions to the latest available releases, implementation of network access controls to limit physical access to database segments, and deployment of intrusion detection systems specifically configured to monitor MySQL Cluster communication protocols. Organizations should also conduct thorough network audits to identify all instances of affected MySQL Cluster versions and ensure proper network segmentation practices are implemented. The combination of physical access controls and network monitoring provides the most effective defense against exploitation of this particular vulnerability, as it addresses both the access requirements and the operational impact of successful attacks. Regular security assessments should include verification of MySQL Cluster configurations and monitoring for unauthorized network access patterns that could indicate exploitation attempts.