CVE-2022-22992
Published Jan 28, 2022
Last updated a year ago
Overview
- Description
- A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
- Source
- psirt@wdc.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-116
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:westerndigital:my_cloud_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B585AE9-1F28-42D7-B16D-75BF1CB8A054",
"versionEndExcluding": "5.19.117"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:-:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F597DB20-7E49-4234-AB58-B944E6D3F9EA"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5695E842-1561-4A4F-901F-6EC07F558989"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"
},
{
"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"
},
{
"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]