CVE-2022-21367 The MySQL Server product of Oracle MySQL is vulnerable to a vulnerability in versions 5.7.36 and 8.0.27 and earlier.

High privileged attacker can exploit this vulnerability by connecting to the server via network and performing request with low privilege.
To exploit this vulnerability, an attacker must have the ability to connect to the MySQL server or have another legitimate user login to the server and perform the request. Authentication requirements and potential solutions are described in the VU#101058 and VU#101061 vulnerabilities. Mitigation for this vulnerability includes the following. - Upgrade MySQL to 5.7.36 or 8.0.27 if possible. - If upgrading MySQL is not an option, then consider running an application with a low privilege account and low trust on the same server. - Monitor requests carefully to identify and block any suspicious activity. - This vulnerability can be exploited over TCP/IP connections as well as directly connected networks. - Follow the recommended practices to protect against network attacks. - Keep the server software and network devices up-to-date by using routine updates. - Restrict access to the MySQL server to only trusted IPs and networks. - Enable authentication for the server. - Limit or disable user accounts with the highest privileges. - If possible, switch to a non-MySQL database server. - Follow the recommended practices to protect against SQL injection attacks. - Avoid using the same password for multiple purposes. - If possible, use a strong password. - Use a good password policy. - Consider using encryption when possible

VU#101057: High privileged user can access the database even if no login is provided

High privileged attacker can exploit this vulnerability by connecting to the server via network and performing request with low privilege.
To exploit this vulnerability, an attacker must have the ability to connect to the MySQL server or have another legitimate user login to the server and perform the request. Mitigation for this vulnerability includes the following. - Upgrade MySQL to 5.7.36 or 8.0.27 if possible. - If upgrading MySQL is not an option, then consider running an application with a low privilege account and low trust on the same server. - Monitor requests carefully to identify and block any suspicious activity. - This vulnerability can be exploited over TCP/IP connections as well as directly connected networks. - Follow the recommended practices to protect against network attacks. - Keep the server software and network devices up-to-date by using routine updates. - Restrict access to the MySQL server to only trusted IPs and networks.

Timeline

Published on: 01/19/2022 12:15:00 UTC
Last modified on: 01/24/2022 20:19:00 UTC

References

• https://www.oracle.com/security-alerts/cpujan2022.html
• https://security.netapp.com/advisory/ntap-20220121-0008/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21367