CVE-2022-29837

{"id": "CVE-2022-29837", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@wdc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-12-01T17:15:11.290", "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178", "tags": ["Vendor Advisory"], "source": "psirt@wdc.com"}, {"url": "https://www.westerndigital.com/support/product-security/wdc-22018-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-8-12-0-178", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@wdc.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution."}, {"lang": "es", "value": "Se solucion\u00f3 una vulnerabilidad de path traversal en Western Digital My Cloud Home, My Cloud Home Duo y SanDisk ibi que podr\u00eda permitir a un atacante iniciar la instalaci\u00f3n de paquetes ZIP personalizados y sobrescribir archivos del sistema. Potencialmente, esto podr\u00eda conducir a la ejecuci\u00f3n de un c\u00f3digo."}], "lastModified": "2024-11-21T06:59:47.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "931C7D29-B890-4F9E-BC34-8B06F760F0C0", "versionEndExcluding": "8.12.0-178"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02E03150-FBB8-409C-AC8C-7F1015394736", "versionEndExcluding": "8.12.0-178"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF66109-234D-4AC8-98A0-999466282B6B", "versionEndExcluding": "8.12.0-178"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@wdc.com"}