Lucene search

[email protected]NVD:CVE-2022-22992

HistoryJan 28, 2022 - 8:15 p.m.

CVE-2022-22992

2022-01-2820:15:12

CWE-116

[email protected]

web.nvd.nist.gov

command injection

remote code execution

western digital my cloud devices

vulnerability addressed

user input

system commands

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.8%

JSON

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.

Affected configurations

Nvd

Node

westerndigitalmy_cloud_osRange<5.19.117

AND

westerndigitalmy_cloudMatch--

westerndigitalmy_cloud_dl2100Match-

westerndigitalmy_cloud_dl4100Match-

westerndigitalmy_cloud_ex2_ultraMatch-

westerndigitalmy_cloud_ex2100Match-

westerndigitalmy_cloud_ex4100Match-

westerndigitalmy_cloud_mirror_gen_2Match-

westerndigitalmy_cloud_pr2100Match-

westerndigitalmy_cloud_pr4100Match-

westerndigitalwd_cloudMatch-

VendorProductVersionCPE
westerndigitalmy_cloud_os*cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*
westerndigitalmy_cloud-cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:-:*:*:*
westerndigitalmy_cloud_dl2100-cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_dl4100-cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2_ultra-cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2100-cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex4100-cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_mirror_gen_2-cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr2100-cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr4100-cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
westerndigital	my_cloud_os	*	cpe:2.3:o:westerndigital:my_cloud_os::::::::
westerndigital	my_cloud	-	cpe:2.3:h:westerndigital:my_cloud:-::::-:::
westerndigital	my_cloud_dl2100	-	cpe:2.3:h:westerndigital:my_cloud_dl2100:-:::::::*
westerndigital	my_cloud_dl4100	-	cpe:2.3:h:westerndigital:my_cloud_dl4100:-:::::::*
westerndigital	my_cloud_ex2_ultra	-	cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:::::::*
westerndigital	my_cloud_ex2100	-	cpe:2.3:h:westerndigital:my_cloud_ex2100:-:::::::*
westerndigital	my_cloud_ex4100	-	cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
westerndigital	my_cloud_mirror_gen_2	-	cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:::::::*
westerndigital	my_cloud_pr2100	-	cpe:2.3:h:westerndigital:my_cloud_pr2100:-:::::::*
westerndigital	my_cloud_pr4100	-	cpe:2.3:h:westerndigital:my_cloud_pr4100:-:::::::*

Rows per page:

1-10 of 111

References

www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.8%

JSON

Related for NVD:CVE-2022-22992

zdi1 cvelist1 cve1 prion1 openvas1