CVE-2022-22995

EPSS 0.18%
Published 25.03.2022 23:15:08
Last modified 21.11.2024 06:47:46
Source psirt@wdc.com
Teams watchlist Login
Open Login

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Westerndigital ≫ My Cloud Pr2100 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Pr2100 Version-

Westerndigital ≫ My Cloud Pr4100 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Pr4100 Version-

Westerndigital ≫ My Cloud Ex4100 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Ex4100 Version-

Westerndigital ≫ My Cloud Ex2 Ultra Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Ex2 Ultra Version-

Westerndigital ≫ My Cloud Mirror Gen 2 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Mirror Gen 2 Version-

Westerndigital ≫ My Cloud Dl2100 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Dl2100 Version-

Westerndigital ≫ My Cloud Dl4100 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Dl4100 Version-

Westerndigital ≫ My Cloud Ex2100 Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Ex2100 Version-

Westerndigital ≫ My Cloud Firmware Version < 5.19.117

Westerndigital ≫ My Cloud Version-

Westerndigital ≫ Wd Cloud Firmware Version < 5.19.117

Westerndigital ≫ Wd Cloud Version-

Westerndigital ≫ My Cloud Home Firmware Version < 7.16-220

Westerndigital ≫ My Cloud Home Version-

Netatalk ≫ Netatalk Version < 3.1.18

Fedoraproject ≫ Fedora Version37

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.397

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
psirt@wdc.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://security.gentoo.org/glsa/202311-02

Third Party Advisory

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/

Mailing List

https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-22995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-22995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-22995

EUVD