Multiple vulnerabilities in Western Digital My Cloud OS 5



Published: 2022-07-26
Risk Medium
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2022-23000
CVE-2022-0778
CVE-2022-0562
CVE-2022-0561
CVE-2022-0865
CVE-2022-29191
CVE-2022-29213
CVE-2022-29208
CVE-2022-22999
CWE-ID CWE-757
CWE-835
CWE-476
CWE-617
CWE-20
CWE-787
CWE-79
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
My Cloud Mirror G2
Hardware solutions / Other hardware appliances

WD Cloud
Hardware solutions / Other hardware appliances

My Cloud EX2100
Hardware solutions / Other hardware appliances

My Cloud DL4100
Hardware solutions / Other hardware appliances

My Cloud DL2100
Hardware solutions / Other hardware appliances

My Cloud EX4100
Hardware solutions / Other hardware appliances

My Cloud EX2 Ultra
Hardware solutions / Other hardware appliances

My Cloud PR4100
Hardware solutions / Other hardware appliances

My Cloud PR2100
Hardware solutions / Other hardware appliances

My Cloud
Hardware solutions / Office equipment, IP-phones, print servers

My Cloud OS 5
Operating systems & Components / Operating system

Vendor Western Digital

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Algorithm Downgrade

EUVDB-ID: #VU65773

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23000

CWE-ID: CWE-757 - Selection of Less-Secure Algorithm During Negotiat

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass certain security restrictions.

The vulnerability exists due to a weak SSLContext when attempting to configure port forwarding rules. A local attacker can jeopardize the integrity, confidentiality and authenticity of information transmitted.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

EUVDB-ID: #VU61391

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-0778

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) NULL pointer dereference

EUVDB-ID: #VU63328

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0562

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFReadDirectory() in tif_dirread.c. A remote attacker can trick victim to open specially crafted TIFF file and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU63326

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0561

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchStripThing() in tif_dirread.c. A remote attacker can trick victim to open specially crafted TIFF file and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Reachable Assertion

EUVDB-ID: #VU63332

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0865

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the tiffcp component. A remote attacker can trick a victim to open a specially crafted TIFF file and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU65774

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29191

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the "GetSessionTensor". A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU65775

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29213

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in "tf.compat.v1.signal.rfft2d" and "tf.compat.v1.signal.rfft3d". A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds write

EUVDB-ID: #VU65777

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29208

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in "EditDistance". A local user can trigger out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Cross-site scripting

EUVDB-ID: #VU65779

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22999

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

My Cloud Mirror G2: All versions

WD Cloud: All versions

My Cloud: All versions

My Cloud EX2100: All versions

My Cloud DL4100: All versions

My Cloud DL2100: All versions

My Cloud EX4100: All versions

My Cloud EX2 Ultra: All versions

My Cloud PR4100: All versions

My Cloud PR2100: All versions

My Cloud OS 5: before 5.23.114

External links

http://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###