Lucene search

WDC PSIRTCVELIST:CVE-2022-29843

HistoryJan 25, 2023 - 12:00 a.m.

CVE-2022-29843 Western Digital My Cloud OS 5 devices Command Injection Vulnerability

2023-01-2500:00:00

CWE-78

WDC PSIRT

www.cve.org

cve-2022-29843

western digital

my cloud os 5

command injection

ddns service

firmware 5.26.119

root user

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.

CNA Affected

[
  {
    "vendor": "Western Digital",
    "product": "My Cloud",
    "versions": [
      {
        "version": "My Cloud OS 5",
        "status": "affected",
        "lessThan": "5.26.119",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Linux"
    ]
  }
]

References

www.westerndigital.com/en-in/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVELIST:CVE-2022-29843