Details of VAR-202201-0612

ID

VAR-202201-0612

CVE

CVE-2022-22990

TITLE

My Cloud Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2022-003515

DESCRIPTION

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. My Cloud There is an authentication vulnerability in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100. Authentication is not required to exploit this vulnerability.The specific flaw exists within the nasAdmin service, which listens on TCP ports 80 and 443 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to bypass authentication on the system. Western Digital My Cloud is a personal cloud storage device from Western Digital

Trust: 2.88

sources: NVD: CVE-2022-22990 // JVNDB: JVNDB-2022-003515 // ZDI: ZDI-22-347 // CNVD: CNVD-2022-06493 // VULMON: CVE-2022-22990

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-06493

AFFECTED PRODUCTS

vendor:	westerndigital	model:	my cloud os	scope:	lt	version:	5.19.117	Trust: 1.0
vendor:	western digital	model:	my cloud os 5	scope:	eq	version:	-	Trust: 0.8
vendor:	western digital	model:	my cloud os 5	scope:	-	version:	-	Trust: 0.8
vendor:	western digital	model:	my cloud os 5	scope:	eq	version:	my cloud os 5 firmware	Trust: 0.8
vendor:	western digital	model:	mycloud pr4100	scope:	-	version:	-	Trust: 0.7
vendor:	western	model:	digital my cloud os	scope:	eq	version:	5	Trust: 0.6

sources: ZDI: ZDI-22-347 // CNVD: CNVD-2022-06493 // JVNDB: JVNDB-2022-003515 // NVD: CVE-2022-22990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-22990
value:	HIGH
Trust: 1.0
psirt@wdc.com:	CVE-2022-22990
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-22990
value:	HIGH
Trust: 0.8
ZDI:	CVE-2022-22990
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2022-06493
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202201-1068
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-22990
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-22990
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-06493
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-22990
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
psirt@wdc.com:	CVE-2022-22990
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.4
impactScore:	5.8
version:	3.1
Trust: 1.0
NVD:	CVE-2022-22990
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2022-22990
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.4
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-22-347 // CNVD: CNVD-2022-06493 // VULMON: CVE-2022-22990 // JVNDB: JVNDB-2022-003515 // CNNVD: CNNVD-202201-1068 // NVD: CVE-2022-22990 // NVD: CVE-2022-22990

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-697	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-003515 // NVD: CVE-2022-22990

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202201-1068

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202201-1068

PATCH

title:	WDC-22002	url:	https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117	Trust: 1.5
title:	Patch for Western Digital My Cloud OS 5 Authorization Issue Vulnerability (CNVD-2022-06493)	url:	https://www.cnvd.org.cn/patchInfo/show/315886	Trust: 0.6
title:	Western Digital My Cloud Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=178297	Trust: 0.6
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-23305	Trust: 0.1
title:	CVE-2022-XXXX	url:	https://github.com/AlphabugX/CVE-2022-RCE	Trust: 0.1

sources: ZDI: ZDI-22-347 // CNVD: CNVD-2022-06493 // VULMON: CVE-2022-22990 // JVNDB: JVNDB-2022-003515 // CNNVD: CNNVD-202201-1068

EXTERNAL IDS

db:	NVD	id:	CVE-2022-22990	Trust: 4.6
db:	ZDI	id:	ZDI-22-347	Trust: 3.2
db:	ZDI	id:	ZDI-22-076	Trust: 2.5
db:	JVNDB	id:	JVNDB-2022-003515	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-15888	Trust: 0.7
db:	CNVD	id:	CNVD-2022-06493	Trust: 0.6
db:	CS-HELP	id:	SB2022021810	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1068	Trust: 0.6
db:	VULMON	id:	CVE-2022-22990	Trust: 0.1

sources: ZDI: ZDI-22-347 // CNVD: CNVD-2022-06493 // VULMON: CVE-2022-22990 // JVNDB: JVNDB-2022-003515 // CNNVD: CNNVD-202201-1068 // NVD: CVE-2022-22990

REFERENCES

url:	https://www.zerodayinitiative.com/advisories/zdi-22-347/	Trust: 3.2
url:	https://www.zerodayinitiative.com/advisories/zdi-22-076/	Trust: 3.1
url:	https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22990	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022021810	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/697.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/alphabugx/cve-2022-23305	Trust: 0.1

sources: ZDI: ZDI-22-347 // CNVD: CNVD-2022-06493 // VULMON: CVE-2022-22990 // JVNDB: JVNDB-2022-003515 // CNNVD: CNNVD-202201-1068 // NVD: CVE-2022-22990

CREDITS

Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd)

Trust: 1.3

sources: ZDI: ZDI-22-347 // CNNVD: CNNVD-202201-1068

SOURCES

db:	ZDI	id:	ZDI-22-347
db:	CNVD	id:	CNVD-2022-06493
db:	VULMON	id:	CVE-2022-22990
db:	JVNDB	id:	JVNDB-2022-003515
db:	CNNVD	id:	CNNVD-202201-1068
db:	NVD	id:	CVE-2022-22990

LAST UPDATE DATE

2024-11-23T22:44:06.504000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-22-347	date:	2022-02-15T00:00:00
db:	CNVD	id:	CNVD-2022-06493	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2022-22990	date:	2023-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-003515	date:	2023-02-22T05:48:00
db:	CNNVD	id:	CNNVD-202201-1068	date:	2023-07-12T00:00:00
db:	NVD	id:	CVE-2022-22990	date:	2024-11-21T06:47:45.363

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-22-347	date:	2022-02-15T00:00:00
db:	CNVD	id:	CNVD-2022-06493	date:	2022-01-25T00:00:00
db:	VULMON	id:	CVE-2022-22990	date:	2022-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-003515	date:	2023-02-22T00:00:00
db:	CNNVD	id:	CNNVD-202201-1068	date:	2022-01-13T00:00:00
db:	NVD	id:	CVE-2022-22990	date:	2022-01-13T21:15:08.917