Vulnerability Description
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Os | < 5.19.117 |
| Westerndigital | My Cloud | - |
| Westerndigital | My Cloud Dl2100 | - |
| Westerndigital | My Cloud Dl4100 | - |
| Westerndigital | My Cloud Ex2 Ultra | - |
| Westerndigital | My Cloud Ex2100 | - |
| Westerndigital | My Cloud Ex4100 | - |
| Westerndigital | My Cloud Mirror Gen 2 | - |
| Westerndigital | My Cloud Pr2100 | - |
| Westerndigital | My Cloud Pr4100 | - |
| Westerndigital | Wd Cloud | - |
Related Weaknesses (CWE)
References
- https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-fVendor Advisory
- https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-fVendor Advisory
FAQ
What is CVE-2022-22989?
CVE-2022-22989 is a vulnerability with a CVSS score of 9.8 (CRITICAL). My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by ...
How severe is CVE-2022-22989?
CVE-2022-22989 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-22989?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Os, Westerndigital My Cloud, Westerndigital My Cloud Dl2100, Westerndigital My Cloud Dl4100, Westerndigital My Cloud Ex2 Ultra.