
CVE-2023-22817

2024-02-05 22:15:54
CWE-918
web.nvd.nist.gov
cve-2023-22817
ssrf vulnerability
server-side request forgery
dns address
my cloud os 5
my cloud home
sandisk ibi
nvd

5.5 Medium (CVSS3)

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 6 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 16.4%)

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

Affected configurations

NVD

Node: westerndigital my_cloud_pr2100_firmware (Range <5.27.161) AND westerndigital my_cloud_pr2100 (Match -)
Node: westerndigital my_cloud_pr4100_firmware (Range <5.27.161) AND westerndigital my_cloud_pr4100 (Match -)
Node: westerndigital my_cloud_ex4100_firmware (Range <5.27.161) AND westerndigital my_cloud_ex4100 (Match -)
Node: westerndigital my_cloud_ex2_ultra_firmware (Range <5.27.161) AND westerndigital my_cloud_ex2_ultra (Match -)
Node: westerndigital my_cloud_mirror_g2_firmware (Range <5.27.161) AND westerndigital my_cloud_mirror_g2 (Match -)
Node: westerndigital my_cloud_dl2100 (Match -) AND westerndigital my_cloud_dl2100_firmware (Range <5.27.161)
Node: westerndigital my_cloud_dl4100 (Match -) AND westerndigital my_cloud_dl4100_firmware (Range <5.27.161)
Node: westerndigital my_cloud_ex2100 (Match -) AND westerndigital my_cloud_ex2100_firmware (Range <5.27.161)
Node: westerndigital my_cloud_glacier (Match -) AND westerndigital my_cloud_glacier_firmware (Range <5.27.161)
Node: westerndigital wd_cloud (Match -) AND westerndigital wd_cloud_firmware (Range <5.27.161)
Node: westerndigital my_cloud_home (Match -) AND westerndigital my_cloud_home_firmware (Range <9.5.1-104)
Node: westerndigital my_cloud_home_duo (Match -) AND westerndigital my_cloud_home_duo_firmware (Range <9.5.1-104)
Node: westerndigital sandisk_ibi (Match -) AND westerndigital sandisk_ibi_firmware (Range <9.5.1-104)

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud OS 5",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "5.27.161",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud Home & Duo",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "9.5.1-104",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ibi",
    "vendor": "SanDisk",
    "versions": [
      {
        "lessThan": "9.5.1-104",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
