Lucene search

[email protected]NVD:CVE-2022-29837

HistoryDec 01, 2022 - 5:15 p.m.

CVE-2022-29837

2022-12-0117:15:11

CWE-22

[email protected]

web.nvd.nist.gov

path traversal

western digital

my cloud home

my cloud home duo

sandisk ibi

zip packages

system files

code execution

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.1%

JSON

A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution.

Affected configurations

NVD

Node

westerndigitalmy_cloud_homeMatch-

AND

westerndigitalmy_cloud_home_firmwareRange<8.12.0-178

Node

westerndigitalmy_cloud_home_duoMatch-

AND

westerndigitalmy_cloud_home_duo_firmwareRange<8.12.0-178

Node

westerndigitalsandisk_ibiMatch-

AND

westerndigitalsandisk_ibi_firmwareRange<8.12.0-178

References

www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2022-29837

prion1 cvelist1 cve1