Lucene search

WDC PSIRTCVELIST:CVE-2022-22992

HistoryJan 28, 2022 - 7:35 p.m.

CVE-2022-22992 Command Injection Remote Code Execution vulnerability on Western Digital My Cloud devices.

2022-01-2819:35:04

WDC PSIRT

www.cve.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.

References

www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for CVELIST:CVE-2022-22992