CVE-2022-22992

Command Injection Remote Code Execution vulnerability on Western Digital My Cloud devices.

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.

Se ha detectado una vulnerabilidad de ejecución de código remota por inyección de comandos en los dispositivos My Cloud de Western Digital que podría permitir a un atacante ejecutar comandos arbitrarios del sistema en el dispositivo. La vulnerabilidad fue abordada al escapar de los argumentos individuales a las funciones de shell procedentes de la entrada del usuario

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the cloudAccess endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.

*Credits: Reported By: Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro’s Zero Day Initiative

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-10 CVE Reserved
2022-01-17 CVE Published
2024-08-03 CVE Updated
2024-10-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-116: Improper Encoding or Escaping of Output

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117	2023-07-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Search vendor "Westerndigital" for product "My Cloud"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Dl2100 Search vendor "Westerndigital" for product "My Cloud Dl2100"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Dl4100 Search vendor "Westerndigital" for product "My Cloud Dl4100"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Ex2 Ultra Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Ex2100 Search vendor "Westerndigital" for product "My Cloud Ex2100"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Ex4100 Search vendor "Westerndigital" for product "My Cloud Ex4100"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Mirror Gen 2 Search vendor "Westerndigital" for product "My Cloud Mirror Gen 2"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Pr2100 Search vendor "Westerndigital" for product "My Cloud Pr2100"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	My Cloud Pr4100 Search vendor "Westerndigital" for product "My Cloud Pr4100"	-	-	Safe
Westerndigital Search vendor "Westerndigital"	My Cloud Os Search vendor "Westerndigital" for product "My Cloud Os"	< 5.19.117 Search vendor "Westerndigital" for product "My Cloud Os" and version " < 5.19.117"	-	Affected	in	Westerndigital Search vendor "Westerndigital"	Wd Cloud Search vendor "Westerndigital" for product "Wd Cloud"	-	-	Safe