CVE-2023-22817

{"id": "CVE-2023-22817", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "psirt@wdc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-05T22:15:54.820", "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update", "tags": ["Vendor Advisory"], "source": "psirt@wdc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Secondary", "source": "psirt@wdc.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed\u00a0by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.\u00a0\n"}, {"lang": "es", "value": "Vulnerabilidad de server-side request forgery (SSRF) que podr\u00eda permitir que un servidor no autorizado en la red local modifique su URL utilizando otra direcci\u00f3n DNS para apuntar al adaptador de loopback. Esto podr\u00eda permitir que la URL aproveche otras vulnerabilidades en el servidor local. Esto se solucion\u00f3 corrigiendo las direcciones DNS que hacen referencia al loopback. Este problema afecta a los dispositivos My Cloud OS 5 anteriores a 5.27.161, My Cloud Home, My Cloud Home Duo y SanDisk ibi anteriores a 9.5.1-104."}], "lastModified": "2024-02-13T14:27:09.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65956C3F-A729-4A75-AA37-74B5E89A079D", "versionEndExcluding": "5.27.161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7A6F3E-6031-4123-AEB3-498A37164AFC", "versionEndExcluding": "5.27.161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B7F303F-BEA6-4546-B7F3-85937F055C70", "versionEndExcluding": "5.27.161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D626D580-E58A-4B6C-82C7-B9E4EFDD45E6", "versionEndExcluding": "5.27.161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA969327-0057-483A-BDEA-48044C2AAFDA", "versionEndExcluding": "5.27.161"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C32A7FB-2EAC-431F-A2AF-033BC56B7548", "versionEndExcluding": "5.27.161"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4289EA01-0B97-4628-8658-56C35D328476", "versionEndExcluding": "5.27.161"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14973F26-4E47-4531-96ED-1F4DE2B90782", "versionEndExcluding": "5.27.161"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_glacier:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4725EF2C-5954-45DA-95D1-0A2F8F3E7714"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_glacier_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC4318FA-0121-4730-9199-3E6E18872B9C", "versionEndExcluding": "5.27.161"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC132C6A-CA10-431F-AEDE-64979DA8D960", "versionEndExcluding": "5.27.161"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D90D9B21-6C1A-4FC3-B292-B72BB521E1B6", "versionEndExcluding": "9.5.1-104"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "233200A4-0DDF-4FEE-967B-DDB638D0DBB0", "versionEndExcluding": "9.5.1-104"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4523B737-F58A-4A73-AE74-EAF313AEBDFC", "versionEndExcluding": "9.5.1-104"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@wdc.com"}