Sign-up

ID

VAR-202201-0609


CVE

CVE-2022-22989


TITLE

My Cloud OS 5  Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003516

DESCRIPTION

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues. My Cloud OS 5 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Western Digital My Cloud is a personal cloud storage device from Western Digital

Trust: 2.25

sources: NVD: CVE-2022-22989 // JVNDB: JVNDB-2022-003516 // CNVD: CNVD-2022-06492 // VULMON: CVE-2022-22989

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-06492

AFFECTED PRODUCTS

vendor:westerndigitalmodel:my cloud osscope:ltversion:5.19.117

Trust: 1.0

vendor:western digitalmodel:my cloud os 5scope:eqversion: -

Trust: 0.8

vendor:western digitalmodel:my cloud os 5scope: - version: -

Trust: 0.8

vendor:western digitalmodel:my cloud os 5scope:eqversion:my cloud os 5 firmware

Trust: 0.8

vendor:westernmodel:digital my cloud osscope:eqversion:5

Trust: 0.6

sources: CNVD: CNVD-2022-06492 // JVNDB: JVNDB-2022-003516 // NVD: CVE-2022-22989

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22989
value: CRITICAL

Trust: 1.0

psirt@wdc.com: CVE-2022-22989
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-22989
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-06492
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202201-1067
value: CRITICAL

Trust: 0.6

VULMON: CVE-2022-22989
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22989
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-06492
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-22989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2022-22989
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-06492 // VULMON: CVE-2022-22989 // JVNDB: JVNDB-2022-003516 // CNNVD: CNNVD-202201-1067 // NVD: CVE-2022-22989 // NVD: CVE-2022-22989

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-003516 // NVD: CVE-2022-22989

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1067

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202201-1067

PATCH

title:WDC-22002url:https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

Trust: 0.8

title:Patch for Western Digital My Cloud OS 5 Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/315891

Trust: 0.6

title:Western Digital My Cloud Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178222

Trust: 0.6

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-23305

Trust: 0.1

title:CVE-2022-XXXXurl:https://github.com/AlphabugX/CVE-2022-RCE

Trust: 0.1

sources: CNVD: CNVD-2022-06492 // VULMON: CVE-2022-22989 // JVNDB: JVNDB-2022-003516 // CNNVD: CNNVD-202201-1067

EXTERNAL IDS

db:NVDid:CVE-2022-22989

Trust: 3.9

db:JVNDBid:JVNDB-2022-003516

Trust: 0.8

db:CNVDid:CNVD-2022-06492

Trust: 0.6

db:CS-HELPid:SB2022021810

Trust: 0.6

db:CNNVDid:CNNVD-202201-1067

Trust: 0.6

db:VULMONid:CVE-2022-22989

Trust: 0.1

sources: CNVD: CNVD-2022-06492 // VULMON: CVE-2022-22989 // JVNDB: JVNDB-2022-003516 // CNNVD: CNNVD-202201-1067 // NVD: CVE-2022-22989

REFERENCES

url:https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-22989

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2022021810

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphabugx/cve-2022-23305

Trust: 0.1

sources: CNVD: CNVD-2022-06492 // VULMON: CVE-2022-22989 // JVNDB: JVNDB-2022-003516 // CNNVD: CNNVD-202201-1067 // NVD: CVE-2022-22989

SOURCES

db:CNVDid:CNVD-2022-06492
db:VULMONid:CVE-2022-22989
db:JVNDBid:JVNDB-2022-003516
db:CNNVDid:CNNVD-202201-1067
db:NVDid:CVE-2022-22989

LAST UPDATE DATE

2024-11-23T22:44:06.539000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-06492date:2022-01-25T00:00:00
db:VULMONid:CVE-2022-22989date:2023-10-12T00:00:00
db:JVNDBid:JVNDB-2022-003516date:2023-02-22T06:00:00
db:CNNVDid:CNNVD-202201-1067date:2022-02-28T00:00:00
db:NVDid:CVE-2022-22989date:2024-11-21T06:47:45.200

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-06492date:2022-01-25T00:00:00
db:VULMONid:CVE-2022-22989date:2022-01-13T00:00:00
db:JVNDBid:JVNDB-2022-003516date:2023-02-22T00:00:00
db:CNNVDid:CNNVD-202201-1067date:2022-01-13T00:00:00
db:NVDid:CVE-2022-22989date:2022-01-13T21:15:08.863