Difficult to Exploit Vulnerability in MySQL Connectors by Oracle
CVE-2023-21971

5.3 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 18 April 2023

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

A vulnerability exists in the MySQL Connectors of Oracle MySQL, impacting versions 8.0.32 and earlier. It can be exploited by a high-privilege attacker who has network access via multiple protocols. The vulnerability is difficult to exploit, and a successful attack requires human interaction from a third party. If exploited, attackers may cause the MySQL Connectors to hang or crash repeatedly, leading to a complete denial of service (DoS). Attackers could also gain unauthorized access to update, insert, or delete data within the MySQL Connectors, as well as unauthorized read access to certain data. Users should remain vigilant and apply recommended security measures to mitigate potential risks.

Affected Version(s)

MySQL Connectors 8.0.32 and prior

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
