CVE-2022-29836

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-11-09 21:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-29836

Mitre link : CVE-2022-29836

CVE.ORG link : CVE-2022-29836

JSON object : View

Products Affected

westerndigital

sandisk_ibi_firmware
my_cloud_home_firmware
my_cloud_home_duo
my_cloud_home
my_cloud_home_duo_firmware
sandisk_ibi

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-29836", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@wdc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 1.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.5}]}, "published": "2022-11-09T21:15:14.507", "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113", "tags": ["Vendor Advisory"], "source": "psirt@wdc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "psirt@wdc.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un Restricted Directory (\"Path Traversal\") a trav\u00e9s de una API HTTP en Western Digital My Cloud Home; My Cloud Home Duo; y dispositivos SanDisk ibi que podr\u00edan permitir a un atacante abusar de ciertos par\u00e1metros para se\u00f1alar ubicaciones aleatorias en el sistema de archivos. Esto tambi\u00e9n podr\u00eda permitir al atacante iniciar la instalaci\u00f3n de paquetes personalizados en estas ubicaciones. Esto s\u00f3lo puede explotarse una vez que el atacante se haya autenticado en el dispositivo. Este problema afecta a: versiones de Western Digital My Cloud Home y My Cloud Home Duo anteriores a 8.11.0-113 en Linux; Versiones de SanDisk ibi anteriores a 8.11.0-113 en Linux."}], "lastModified": "2022-11-15T14:51:49.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F17551C-A43E-459B-B6E0-F24ACD31EA65", "versionEndExcluding": "8.11.0-113"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "308ED732-766A-4342-96C9-59A12A64DBCA", "versionEndExcluding": "8.11.0-113"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "172BFB9E-49F1-4E76-944E-914855932EF5", "versionEndExcluding": "8.11.0-113"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@wdc.com"}