CVE-2022-22990

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

CVSS v3.0 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117	Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-076/	Third Party Advisory VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-347/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:westerndigital:my_cloud:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_dl2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_dl4100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_ex2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_pr2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_pr4100:-:::::::*
	cpe:2.3:h:westerndigital:wd_cloud:-:::::::*

Information

Published : 2022-01-13 13:15

Updated : 2022-03-17 10:57

NVD link : CVE-2022-22990

Mitre link : CVE-2022-22990

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

westerndigital

my_cloud_dl4100
wd_cloud
my_cloud_pr2100
my_cloud_ex2100
my_cloud_os
my_cloud
my_cloud_ex4100
my_cloud_mirror_gen_2
my_cloud_pr4100
my_cloud_ex2_ultra
my_cloud_dl2100

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117", "name": "https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-076/", "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-076/", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-347/", "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-347/", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-22990", "ASSIGNER": "psirt@wdc.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2022-01-13T21:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.19.117"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-03-17T17:57Z"}

8.8 /10