CVE-2022-22998 - Vulnerability Details - OpenCVE

Implemented protections on AWS credentials that were not properly protected.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Westerndigital	My Cloud Home My Cloud Home Duo My Cloud Home Duo Firmware My Cloud Home Firmware

Configuration 1 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:westerndigital:my_cloud_home_duo:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:westerndigital:my_cloud_home:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

No data.

References

Link	Providers
https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107

History

No history.

MITRE

Status: PUBLISHED

Assigner: WDC PSIRT

Published: 2022-07-12T20:19:34

Updated: 2024-08-03T03:28:42.801Z

Reserved: 2022-01-10T00:00:00

Link: CVE-2022-22998

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-12T21:15:09.447

Modified: 2024-11-21T06:47:46.453

Link: CVE-2022-22998

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": ["Linux"], "product": "My Cloud Home", "vendor": "Western Digital", "versions": [{"lessThan": "8.5.1-102", "status": "affected", "version": "My Cloud Home Firmware", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Western Digital would like to thank Viettel Cyber Security for reporting this issue."}], "descriptions": [{"lang": "en", "value": "Implemented protections on AWS credentials that were not properly protected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-12T20:19:34", "orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107"}], "solutions": [{"lang": "en", "value": "My Cloud Home devices have been automatically updated to resolve this vulnerability"}], "source": {"discovery": "EXTERNAL"}, "title": "Protecting AWS credentials stored in plaintext on My Cloud Home", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-22998", "STATE": "PUBLIC", "TITLE": "Protecting AWS credentials stored in plaintext on My Cloud Home"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "My Cloud Home", "version": {"version_data": [{"platform": "Linux", "version_affected": "<", "version_name": "My Cloud Home Firmware", "version_value": "8.5.1-102"}]}}]}, "vendor_name": "Western Digital"}]}}, "credit": [{"lang": "eng", "value": "Western Digital would like to thank Viettel Cyber Security for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Implemented protections on AWS credentials that were not properly protected."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-522 Insufficiently Protected Credentials"}]}]}, "references": {"reference_data": [{"name": "https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107", "refsource": "MISC", "url": "https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107"}]}, "solution": [{"lang": "en", "value": "My Cloud Home devices have been automatically updated to resolve this vulnerability"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:42.801Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107"}]}]}, "cveMetadata": {"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "assignerShortName": "WDC PSIRT", "cveId": "CVE-2022-22998", "datePublished": "2022-07-12T20:19:34", "dateReserved": "2022-01-10T00:00:00", "dateUpdated": "2024-08-03T03:28:42.801Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A841DCC2-1613-4AEA-9BA4-01C8CDFFC139", "versionEndExcluding": "8.5.1-102", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*", "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F6393CE-61EF-48D1-AD0B-2462D0E08406", "versionEndExcluding": "8.5.1-102", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Implemented protections on AWS credentials that were not properly protected."}, {"lang": "es", "value": "Se han implementado protecciones en las credenciales de AWS que no estaban debidamente protegidas"}], "id": "CVE-2022-22998", "lastModified": "2024-11-21T06:47:46.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "psirt@wdc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-12T21:15:09.447", "references": [{"source": "psirt@wdc.com", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107"}], "sourceIdentifier": "psirt@wdc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "psirt@wdc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}