Vulnerability Description
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Pr2100 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Pr2100 | - |
| Westerndigital | My Cloud Pr4100 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Pr4100 | - |
| Westerndigital | My Cloud Ex4100 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Ex4100 | - |
| Westerndigital | My Cloud Ex2 Ultra Firmware | < 5.19.117 |
| Westerndigital | My Cloud Ex2 Ultra | - |
| Westerndigital | My Cloud Mirror Gen 2 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Mirror Gen 2 | - |
| Westerndigital | My Cloud Dl2100 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Dl2100 | - |
| Westerndigital | My Cloud Dl4100 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Dl4100 | - |
| Westerndigital | My Cloud Ex2100 Firmware | < 5.19.117 |
| Westerndigital | My Cloud Ex2100 | - |
| Westerndigital | My Cloud Firmware | < 5.19.117 |
| Westerndigital | My Cloud | - |
| Westerndigital | Wd Cloud Firmware | < 5.19.117 |
| Westerndigital | Wd Cloud | - |
Related Weaknesses (CWE)
References
- https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (Mailing List)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (Mailing List)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro (Mailing List)
- https://security.gentoo.org/glsa/202311-02 (Issue Tracking, Third Party Advisory)
- https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-secur (Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html
FAQ
What is CVE-2022-22995?
CVE-2022-22995 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitr...
How severe is CVE-2022-22995?
CVE-2022-22995 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-22995?
Check the references section above for vendor advisories and patch information. Affected products include: Westerndigital My Cloud Pr2100 Firmware, Westerndigital My Cloud Pr2100, Westerndigital My Cloud Pr4100 Firmware, Westerndigital My Cloud Pr4100, Westerndigital My Cloud Ex4100 Firmware.