CVE-2022-22995 Vulnerability Details

  /     /     /  

CVE-2022-22995 Metadata Quick Info

CVE Published: 25/03/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: WDC PSIRT | Vendor: Western Digital | Product: My Cloud
Status : PUBLISHED

---

CVE-2022-22995 Description

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-59
CWE Name: CWE-59 Improper Link Resolution Before File Access ( Link Following )
Source: Western Digital

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).