Multiple vulnerabilities in Western Digital My Cloud OS 5
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2022-0492 CVE-2021-43618 CVE-2022-0778 |
| CWE-ID | CWE-264 CWE-190 CWE-835 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software Subscribe |
My Cloud Mirror G2 Hardware solutions / Other hardware appliances WD Cloud Hardware solutions / Other hardware appliances My Cloud EX2100 Hardware solutions / Other hardware appliances My Cloud DL4100 Hardware solutions / Other hardware appliances My Cloud DL2100 Hardware solutions / Other hardware appliances My Cloud EX4100 Hardware solutions / Other hardware appliances My Cloud EX2 Ultra Hardware solutions / Other hardware appliances My Cloud PR4100 Hardware solutions / Other hardware appliances My Cloud PR2100 Hardware solutions / Other hardware appliances My Cloud Hardware solutions / Office equipment, IP-phones, print servers My Cloud OS 5 Operating systems & Components / Operating system |
| Vendor | Western Digital |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU61245
Risk: Low
CVSSv3.1: 7.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2022-0492
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a logic error within the cgroup_release_agent_write() function in kernel/cgroup/cgroup-v1.c. A local user can use the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation.
MitigationInstall update from vendor's website.
Vulnerable software versionsMy Cloud Mirror G2: All versions
WD Cloud: All versions
My Cloud: All versions
My Cloud EX2100: All versions
My Cloud DL4100: All versions
My Cloud DL2100: All versions
My Cloud EX4100: All versions
My Cloud EX2 Ultra: All versions
My Cloud PR4100: All versions
My Cloud PR2100: All versions
My Cloud OS 5: before 5.22.113
External linkshttp://www.westerndigital.com/support/product-security/wdc-22008-my-cloud-os-5-firmware-5-22-113
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Integer overflow
EUVDB-ID: #VU63553
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43618
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsMy Cloud Mirror G2: All versions
WD Cloud: All versions
My Cloud: All versions
My Cloud EX2100: All versions
My Cloud DL4100: All versions
My Cloud DL2100: All versions
My Cloud EX4100: All versions
My Cloud EX2 Ultra: All versions
My Cloud PR4100: All versions
My Cloud PR2100: All versions
My Cloud OS 5: before 5.22.113
External linkshttp://www.westerndigital.com/support/product-security/wdc-22008-my-cloud-os-5-firmware-5-22-113
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Infinite loop
EUVDB-ID: #VU61391
Risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0778
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsMy Cloud Mirror G2: All versions
WD Cloud: All versions
My Cloud: All versions
My Cloud EX2100: All versions
My Cloud DL4100: All versions
My Cloud DL2100: All versions
My Cloud EX4100: All versions
My Cloud EX2 Ultra: All versions
My Cloud PR4100: All versions
My Cloud PR2100: All versions
My Cloud OS 5: before 5.22.113
External linkshttp://www.westerndigital.com/support/product-security/wdc-22008-my-cloud-os-5-firmware-5-22-113
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
