CVE-2022-22997

MEDIUM

6.8

Descripcion

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.

Detalles CVE

Puntuacion CVSS v3.16.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vector de ataqueADJACENT_NETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado7/12/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

linux:linux_kernelwesterndigital:my_cloud_homewesterndigital:my_cloud_home_duowesterndigital:my_cloud_home_duo_firmwarewesterndigital:my_cloud_home_firmware

Debilidades (CWE)

CWE-78CWE-78

Referencias

https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107(psirt@wdc.com)

https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.