CVE-2022-29836
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Western Digital | My Cloud Home | |
SanDisk | ibi |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:42.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Linux" ], "product": "My Cloud Home", "vendor": "Western Digital", "versions": [ { "lessThan": "8.11.0-113", "status": "affected", "version": "My Cloud Home ", "versionType": "custom" }, { "lessThan": "8.11.0-113", "status": "affected", "version": "My Cloud Home Duo", "versionType": "custom" } ] }, { "platforms": [ "Linux" ], "product": "ibi", "vendor": "SanDisk", "versions": [ { "lessThan": "8.11.0-113", "status": "affected", "version": "ibi", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-11T00:00:00", "orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT" }, "references": [ { "url": "https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113" } ], "solutions": [ { "lang": "en", "value": "Your My Cloud Home and ibi device will be automatically updated to reflect the latest firmware version." } ], "source": { "discovery": "EXTERNAL" }, "title": "Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "assignerShortName": "WDC PSIRT", "cveId": "CVE-2022-29836", "datePublished": "2022-11-09T00:00:00", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T06:33:42.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-29836\",\"sourceIdentifier\":\"psirt@wdc.com\",\"published\":\"2022-11-09T21:15:14.507\",\"lastModified\":\"2022-11-15T14:51:49.350\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un Restricted Directory (\\\"Path Traversal\\\") a trav\u00e9s de una API HTTP en Western Digital My Cloud Home; My Cloud Home Duo; y dispositivos SanDisk ibi que podr\u00edan permitir a un atacante abusar de ciertos par\u00e1metros para se\u00f1alar ubicaciones aleatorias en el sistema de archivos. Esto tambi\u00e9n podr\u00eda permitir al atacante iniciar la instalaci\u00f3n de paquetes personalizados en estas ubicaciones. Esto s\u00f3lo puede explotarse una vez que el atacante se haya autenticado en el dispositivo. Este problema afecta a: versiones de Western Digital My Cloud Home y My Cloud Home Duo anteriores a 8.11.0-113 en Linux; Versiones de SanDisk ibi anteriores a 8.11.0-113 en Linux.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"psirt@wdc.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":1.9,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"psirt@wdc.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BE2FBAB-5BA0-4F09-A76E-4A6869668810\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.11.0-113\",\"matchCriteriaId\":\"8F17551C-A43E-459B-B6E0-F24ACD31EA65\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"124BBC79-65A2-465C-B784-D21E57E96F63\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.11.0-113\",\"matchCriteriaId\":\"308ED732-766A-4342-96C9-59A12A64DBCA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"296ADA43-16BA-4444-B472-DB945FB917B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.11.0-113\",\"matchCriteriaId\":\"172BFB9E-49F1-4E76-944E-914855932EF5\"}]}]}],\"references\":[{\"url\":\"https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113\",\"source\":\"psirt@wdc.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.