Lucene search

[email protected]NVD:CVE-2022-29840

HistoryMay 10, 2023 - 11:15 p.m.

CVE-2022-29840

2023-05-1023:15:09

CWE-918

[email protected]

web.nvd.nist.gov

cve-2022-29840

ssrf

western digital

my cloud os 5

vulnerability

local network

exploit

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.

Affected configurations

NVD

Node

westerndigitalmy_cloudMatch-

westerndigitalmy_cloud_dl2100Match-

westerndigitalmy_cloud_dl4100Match-

westerndigitalmy_cloud_ex2_ultraMatch-

westerndigitalmy_cloud_ex2100Match-

westerndigitalmy_cloud_ex4100Match-

westerndigitalmy_cloud_mirror_g2Match-

westerndigitalmy_cloud_pr2100Match-

westerndigitalmy_cloud_pr4100Match-

westerndigitalwd_cloudMatch-

AND

westerndigitalmy_cloud_osRange5.02.104–5.26.202

References

www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

Related for NVD:CVE-2022-29840

cvelist1 zdi1 prion1 cve1 openvas1