CVE-2022-29840 - OpenCVE

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Westerndigital	My Cloud Dl2100 My Cloud Ex2100 My Cloud Ex2 Ultra My Cloud Ex4100 Wd Cloud My Cloud My Cloud Pr2100 My Cloud Mirror G2 My Cloud Pr4100 My Cloud Dl4100 My Cloud Os

Configuration 1 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:westerndigital:my_cloud:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_dl2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_dl4100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_ex2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_pr2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_pr4100:-:::::::*
	cpe:2.3:h:westerndigital:wd_cloud:-:::::::*

References

Link	Resource
https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WDC PSIRT

Published: 2023-05-10T22:09:28.939Z

Updated: 2023-05-18T17:55:33.499Z

Reserved: 2022-04-27T20:53:48.676Z

Link: CVE-2022-29840

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-10T23:15:09.343

Modified: 2023-05-22T19:33:58.417

Link: CVE-2022-29840

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-29840", "assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "state": "PUBLISHED", "assignerShortName": "WDC PSIRT", "dateReserved": "2022-04-27T20:53:48.676Z", "datePublished": "2023-05-10T22:09:28.939Z", "dateUpdated": "2023-05-18T17:55:33.499Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "My Cloud OS 5", "vendor": "Western Digital", "versions": [{"lessThan": "5.26.202", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro\u2019s Zero Day Initiative"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.<p>This issue affects My Cloud OS 5 devices before 5.26.202.</p><br>"}], "value": "Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT", "dateUpdated": "2023-05-18T17:55:33.499Z"}, "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n<p>For My Cloud OS 5 devices, Western Digital recommends\nthat users promptly update their devices to the latest firmware by clicking on\nthe firmware update notification.</p>"}], "value": "\n\n\n\n\n\n\n\n\nFor My Cloud OS 5 devices, Western Digital recommends\nthat users promptly update their devices to the latest firmware by clicking on\nthe firmware update notification.\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CE3AF08-E7E6-4B65-B9E5-1BBF4B7A75DE", "versionEndExcluding": "5.26.202", "versionStartIncluding": "5.02.104", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*", "matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.\n\n\n"}], "id": "CVE-2022-29840", "lastModified": "2023-05-22T19:33:58.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "psirt@wdc.com", "type": "Secondary"}]}, "published": "2023-05-10T23:15:09.343", "references": [{"source": "psirt@wdc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"}], "sourceIdentifier": "psirt@wdc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "psirt@wdc.com", "type": "Secondary"}]}