A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
References
Link | Resource |
---|---|
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117 | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-22-348/ | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WDC PSIRT
Published: 2022-01-28T19:09:29
Updated: 2022-02-15T15:06:17
Reserved: 2022-01-10T00:00:00
Link: CVE-2022-22993
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-28T20:15:12.763
Modified: 2022-03-18T20:51:29.423
Link: CVE-2022-22993
JSON object: View
Redhat Information
No data.
CWE