WDC PSIRTCVELIST:CVE-2022-36327CVE-2022-36327 Path traversal vulnerability leading to an arbitrary file write in Western Digital devices
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
10 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires an authentication bypass issue to be triggered before this can be exploited.
This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "My Cloud Home and My Cloud Home Duo",
"vendor": "Western Digital",
"versions": [
{
"lessThan": " 9.4.0-191",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "ibi",
"vendor": "SanDisk",
"versions": [
{
"lessThan": " 9.4.0-191",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "My Cloud OS 5",
"vendor": "Western Digital",
"versions": [
{
"lessThan": "5.26.202",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
10 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.1%