Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-22817

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

Published

2024-02-05T22:15:54.820

Last Modified

2024-11-21T07:45:28.620

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-918
Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	westerndigital	my_cloud_pr2100_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_pr2100	-	No
Operating System	westerndigital	my_cloud_pr4100_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_pr4100	-	No
Operating System	westerndigital	my_cloud_ex4100_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_ex4100	-	No
Operating System	westerndigital	my_cloud_ex2_ultra_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_ex2_ultra	-	No
Operating System	westerndigital	my_cloud_mirror_g2_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_mirror_g2	-	No
Operating System	westerndigital	my_cloud_dl2100_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_dl2100	-	No
Operating System	westerndigital	my_cloud_dl4100_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_dl4100	-	No
Operating System	westerndigital	my_cloud_ex2100_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_ex2100	-	No
Operating System	westerndigital	my_cloud_glacier_firmware	< 5.27.161	Yes
Hardware	westerndigital	my_cloud_glacier	-	No
Operating System	westerndigital	wd_cloud_firmware	< 5.27.161	Yes
Hardware	westerndigital	wd_cloud	-	No
Operating System	westerndigital	my_cloud_home_firmware	< 9.5.1-104	Yes
Hardware	westerndigital	my_cloud_home	-	No
Operating System	westerndigital	my_cloud_home_duo_firmware	< 9.5.1-104	Yes
Hardware	westerndigital	my_cloud_home_duo	-	No
Operating System	westerndigital	sandisk_ibi_firmware	< 9.5.1-104	Yes
Hardware	westerndigital	sandisk_ibi	-	No

References

https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update Vendor Advisory ([email protected])
https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)