CVE-2022-22995 - OpenCVE

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Westerndigital	My Cloud Ex4100 Firmware My Cloud Ex4100 My Cloud Ex2100 My Cloud Mirror Gen 2 My Cloud My Cloud Dl4100 My Cloud Pr4100 Firmware My Cloud Ex2 Ultra Firmware My Cloud Dl2100 My Cloud Dl2100 Firmware My Cloud Ex2 Ultra My Cloud Firmware My Cloud Home Wd Cloud Firmware My Cloud Home Firmware My Cloud Mirror Gen 2 Firmware My Cloud Pr2100 Firmware My Cloud Pr4100 Wd Cloud My Cloud Pr2100 My Cloud Dl4100 Firmware My Cloud Ex2100 Firmware
Netatalk	Netatalk
Fedoraproject	Fedora

Configuration 1 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*

Configuration 12 [-]

OR	cpe:2.3:a:netatalk:netatalk::::::::
	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

References

Link	Resource
https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/	Mailing List
https://security.gentoo.org/glsa/202311-02	Issue Tracking Third Party Advisory
https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities	Vendor Advisory