Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
History
13 Feb 2024, 14:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_glacier:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_glacier_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* |
|
First Time |
Westerndigital my Cloud Ex4100 Firmware
Westerndigital Westerndigital my Cloud Pr4100 Westerndigital my Cloud Glacier Westerndigital my Cloud Mirror G2 Firmware Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Dl4100 Westerndigital sandisk Ibi Firmware Westerndigital my Cloud Dl2100 Westerndigital my Cloud Dl4100 Firmware Westerndigital my Cloud Home Duo Westerndigital my Cloud Pr2100 Firmware Westerndigital my Cloud Home Firmware Westerndigital my Cloud Ex2100 Westerndigital wd Cloud Westerndigital my Cloud Dl2100 Firmware Westerndigital my Cloud Home Westerndigital my Cloud Ex2 Ultra Firmware Westerndigital my Cloud Pr2100 Westerndigital my Cloud Glacier Firmware Westerndigital my Cloud Ex4100 Westerndigital my Cloud Mirror G2 Westerndigital sandisk Ibi Westerndigital my Cloud Ex2100 Firmware Westerndigital my Cloud Pr4100 Firmware Westerndigital wd Cloud Firmware Westerndigital my Cloud Home Duo Firmware |
|
CWE | CWE-918 | |
References | () https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
05 Feb 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-05 22:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-22817
Mitre link : CVE-2023-22817
CVE.ORG link : CVE-2023-22817
JSON object : View
Products Affected
westerndigital
- my_cloud_ex2100_firmware
- my_cloud_ex2_ultra
- my_cloud_home
- my_cloud_ex2_ultra_firmware
- my_cloud_home_duo
- sandisk_ibi
- my_cloud_pr2100
- my_cloud_pr4100_firmware
- sandisk_ibi_firmware
- my_cloud_pr4100
- my_cloud_home_duo_firmware
- my_cloud_glacier_firmware
- my_cloud_dl2100
- wd_cloud
- my_cloud_dl4100
- my_cloud_pr2100_firmware
- my_cloud_dl2100_firmware
- my_cloud_home_firmware
- my_cloud_ex4100_firmware
- wd_cloud_firmware
- my_cloud_ex4100
- my_cloud_glacier
- my_cloud_dl4100_firmware
- my_cloud_mirror_g2
- my_cloud_ex2100
- my_cloud_mirror_g2_firmware
CWE
CWE-918
Server-Side Request Forgery (SSRF)