CVE-2023-22094

7.9 HIGH

📋 TL;DR

This vulnerability in MySQL Installer allows a low-privileged local attacker to compromise the installer, but only with the help of social engineering: a person other than the attacker must be tricked into performing an action. When exploited, it enables unauthorized modification or deletion of critical data and can cause a denial of service. Affected users are those running MySQL Installer versions prior to 1.6.8 on systems where the attacker has local access.

💻 Affected Systems

Products:
  • MySQL Installer
  • MySQL Server (bundled versions)
Versions: Prior to 1.6.8
Operating Systems: Windows (primary), Linux if MySQL Installer is used
Default Config Vulnerable: ⚠️ Yes
Notes: Affects MySQL Server bundled versions 8.0.35 and 5.7.44. Requires local access and user interaction.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of MySQL Installer leading to data corruption, unauthorized system modifications, and persistent denial of service affecting all MySQL-related operations on the system.

🟠 Likely Case

A local attacker tricks a user into running a malicious installer action, resulting in data manipulation or installer crashes that disrupt MySQL management operations.

🟢 If Mitigated

Limited impact due to user awareness training, least privilege enforcement, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - This is a local privilege vulnerability requiring attacker access to the system where MySQL Installer runs.
🏢 Internal Only: MEDIUM - Internal attackers with local access could exploit this, but exploitation requires user interaction and specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires only low privileges, but it depends on social engineering to trick another user into performing the required actions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MySQL Installer 1.6.8 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2023.html

Restart Required: Yes

Instructions:

1. Download MySQL Installer 1.6.8 or later from Oracle's official website.
2. Run the installer as administrator.
3. Follow the upgrade prompts.
4. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict Local Access (applies to: all)

Limit local user access to systems running MySQL Installer to trusted personnel only.

User Awareness Training (applies to: all)

Educate users not to run MySQL Installer from untrusted sources or when prompted by suspicious requests.

🧯 If You Can't Patch

  • Implement strict least privilege access controls to limit who can run MySQL Installer
  • Monitor for unusual installer activity and user interaction patterns

🔍 How to Verify

Check if Vulnerable:

Check the MySQL Installer version via Control Panel > Programs and Features (Windows), or by running the installer and viewing its version information. Any version below 1.6.8 is vulnerable.

Check Version:

On Windows: check in Control Panel, or run 'wmic product where name="MySQL Installer" get version' from an elevated command prompt.

Verify Fix Applied:

Confirm MySQL Installer version is 1.6.8 or higher after patching.
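As an added example (not part of this advisory or of Oracle's documentation), the following PowerShell check reads the installed MySQL Installer version from the standard Windows uninstall registry keys and compares it with the fixed version 1.6.8. It assumes the product registers itself with a DisplayName beginning "MySQL Installer"; that prefix is an assumption.

```powershell
# Added example: verify MySQL Installer version against the fix for CVE-2023-22094.
# Assumption: the product appears under the standard Uninstall keys with a
# DisplayName starting "MySQL Installer" (not confirmed by the advisory).
$FixedVersion  = [version]'1.6.8'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-MySqlInstallerStatus {
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'MySQL Installer*' }

    if (-not $entries) {
        return [pscustomobject]@{
            Installed = $false; Name = $null; Version = $null
            Vulnerable = $false; Note = 'MySQL Installer not found in uninstall keys'
        }
    }

    foreach ($e in $entries) {
        # DisplayVersion may carry trailing text; keep only the leading dotted number.
        $parsed = $null
        if ($e.DisplayVersion -match '^\d+(\.\d+){1,3}') { $parsed = [version]$Matches[0] }

        # An unparseable version is reported as vulnerable so it is not silently skipped.
        if ($null -eq $parsed) {
            $vuln = $true; $note = 'version unparseable; treat as vulnerable'
        } elseif ($parsed -lt $FixedVersion) {
            $vuln = $true; $note = "below $FixedVersion (CVE-2023-22094)"
        } else {
            $vuln = $false; $note = 'patched'
        }

        [pscustomobject]@{
            Installed  = $true
            Name       = $e.DisplayName
            Version    = $e.DisplayVersion
            Vulnerable = $vuln
            Note       = $note
        }
    }
}

Get-MySqlInstallerStatus | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on each host where MySQL Installer is deployed; a row with Vulnerable = True means the 1.6.8 upgrade has not yet been applied.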

📡 Detection & Monitoring

Log Indicators:

  • Unusual MySQL Installer execution patterns
  • Multiple installer crashes or hangs
  • Unexpected file modifications in MySQL directories

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

EventID=4688 AND ProcessName LIKE '%MySQLInstaller%' AND CommandLine CONTAINS <suspicious_pattern>

(Event ID 4688 is the Windows Security log's process-creation event; <suspicious_pattern> is a placeholder to be replaced with the installer arguments considered abnormal in your environment.)
