CVE-2022-22995 | Severity.io

Description

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Related CPE's

my_cloud_pr2100_firmware

Vulnerable

my_cloud_pr2100

my_cloud_pr4100_firmware

Vulnerable

my_cloud_pr4100

my_cloud_ex4100_firmware

Vulnerable

my_cloud_ex4100

my_cloud_ex2_ultra_firmware

Vulnerable

my_cloud_ex2_ultra

my_cloud_mirror_gen_2_firmware

Vulnerable

my_cloud_mirror_gen_2

my_cloud_dl2100_firmware

Vulnerable

my_cloud_dl2100

my_cloud_dl4100_firmware

Vulnerable

my_cloud_dl4100

my_cloud_ex2100_firmware

Vulnerable

my_cloud_ex2100

my_cloud_firmware

Vulnerable

wd_cloud_firmware

Vulnerable

my_cloud_home_firmware

Vulnerable

Vulnerable

o

fedoraproject

fedora

3

References

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/

Mailing List

https://security.gentoo.org/glsa/202311-02

Issue TrackingThird Party Advisory

https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities

Vendor Advisory

Weaknesses

[email protected]

Primary

CWE-59

[email protected]

Secondary

CWE-59

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

CVSS V3.1
CVSS V3.0
CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-25T23:15:08.410

3 years ago

Last modified

2024-01-04T22:15:07.200

1 year ago