Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Published

2022-03-25T23:15:08.410

Last Modified

2024-11-21T06:47:46.037

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 10.0 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-59
Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	westerndigital	my_cloud_pr2100_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_pr2100	-	No
Operating System	westerndigital	my_cloud_pr4100_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_pr4100	-	No
Operating System	westerndigital	my_cloud_ex4100_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_ex4100	-	No
Operating System	westerndigital	my_cloud_ex2_ultra_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_ex2_ultra	-	No
Operating System	westerndigital	my_cloud_mirror_gen_2_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_mirror_gen_2	-	No
Operating System	westerndigital	my_cloud_dl2100_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_dl2100	-	No
Operating System	westerndigital	my_cloud_dl4100_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_dl4100	-	No
Operating System	westerndigital	my_cloud_ex2100_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud_ex2100	-	No
Operating System	westerndigital	my_cloud_firmware	< 5.19.117	Yes
Hardware	westerndigital	my_cloud	-	No
Operating System	westerndigital	wd_cloud_firmware	< 5.19.117	Yes
Hardware	westerndigital	wd_cloud	-	No
Operating System	westerndigital	my_cloud_home_firmware	< 7.16-220	Yes
Hardware	westerndigital	my_cloud_home	-	No
Application	netatalk	netatalk	< 3.1.18	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes
Operating System	fedoraproject	fedora	39	Yes

References

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/ Mailing List ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/ Mailing List ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/ Mailing List ([email protected])
https://security.gentoo.org/glsa/202311-02 Issue Tracking, Third Party Advisory ([email protected])
https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/ Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202311-02 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)