CVE-2022-22999
Cross-site Scripting Vulnerability in USB Backups App
Severity Score
4.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.
Los dispositivos My Cloud de Western Digital son susceptibles a una vulnerabilidad de tipo cross side scripting que puede permitir a un usuario malicioso con altos privilegios acceder a las unidades de las que está haciéndose una copia de seguridad para construir e inyectar cargas útiles de JavaScript en el navegador de un usuario autenticado. Como resultado, puede ser posible conseguir el control de la sesión autenticada, robar datos, modificar la configuración o redirigir al usuario a sitios web maliciosos. El alcance del impacto puede extenderse a otros componentes
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-10 CVE Reserved
- 2022-07-25 CVE Published
- 2024-02-15 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Westerndigital Search vendor "Westerndigital" | My Cloud Pr2100 Firmware Search vendor "Westerndigital" for product "My Cloud Pr2100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Pr2100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Pr2100 Search vendor "Westerndigital" for product "My Cloud Pr2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Pr4100 Firmware Search vendor "Westerndigital" for product "My Cloud Pr4100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Pr4100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Pr4100 Search vendor "Westerndigital" for product "My Cloud Pr4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Ex4100 Firmware Search vendor "Westerndigital" for product "My Cloud Ex4100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Ex4100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex4100 Search vendor "Westerndigital" for product "My Cloud Ex4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Ex2 Ultra Firmware Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex2 Ultra Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Mirror G2 Firmware Search vendor "Westerndigital" for product "My Cloud Mirror G2 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Mirror G2 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Mirror G2 Search vendor "Westerndigital" for product "My Cloud Mirror G2" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Dl2100 Firmware Search vendor "Westerndigital" for product "My Cloud Dl2100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Dl2100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Dl2100 Search vendor "Westerndigital" for product "My Cloud Dl2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Dl4100 Firmware Search vendor "Westerndigital" for product "My Cloud Dl4100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Dl4100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Dl4100 Search vendor "Westerndigital" for product "My Cloud Dl4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Ex2100 Firmware Search vendor "Westerndigital" for product "My Cloud Ex2100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Ex2100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex2100 Search vendor "Westerndigital" for product "My Cloud Ex2100" | - | - |
Safe
|