CVE-2022-29836 - OpenCVE

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Westerndigital	My Cloud Home My Cloud Home Duo My Cloud Home Duo Firmware My Cloud Home Firmware Sandisk Ibi Sandisk Ibi Firmware

Configuration 1 [-]

AND

cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*

cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*

cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113

History

No history.

MITRE

Status: PUBLISHED

Assigner: WDC PSIRT

Published: 2022-11-09T00:00:00

Updated: 2024-08-03T06:33:42.762Z

Reserved: 2022-04-27T00:00:00

Link: CVE-2022-29836

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-11-09T21:15:14.507

Modified: 2022-11-15T14:51:49.350

Link: CVE-2022-29836

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-29836", "assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "assignerShortName": "WDC PSIRT", "dateUpdated": "2024-08-03T06:33:42.762Z", "dateReserved": "2022-04-27T00:00:00", "datePublished": "2022-11-09T00:00:00"}, "containers": {"cna": {"title": "Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API", "providerMetadata": {"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT", "dateUpdated": "2022-11-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux."}], "affected": [{"vendor": "Western Digital", "product": "My Cloud Home", "versions": [{"version": "My Cloud Home ", "status": "affected", "lessThan": "8.11.0-113", "versionType": "custom"}, {"version": "My Cloud Home Duo", "status": "affected", "lessThan": "8.11.0-113", "versionType": "custom"}], "platforms": ["Linux"]}, {"vendor": "SanDisk", "product": "ibi", "versions": [{"version": "ibi", "status": "affected", "lessThan": "8.11.0-113", "versionType": "custom"}], "platforms": ["Linux"]}], "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "EXTERNAL"}, "solutions": [{"lang": "en", "value": "Your My Cloud Home and ibi device will be automatically updated to reflect the latest firmware version."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:33:42.762Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F17551C-A43E-459B-B6E0-F24ACD31EA65", "versionEndExcluding": "8.11.0-113", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*", "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "308ED732-766A-4342-96C9-59A12A64DBCA", "versionEndExcluding": "8.11.0-113", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*", "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "172BFB9E-49F1-4E76-944E-914855932EF5", "versionEndExcluding": "8.11.0-113", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un Restricted Directory (\"Path Traversal\") a trav\u00e9s de una API HTTP en Western Digital My Cloud Home; My Cloud Home Duo; y dispositivos SanDisk ibi que podr\u00edan permitir a un atacante abusar de ciertos par\u00e1metros para se\u00f1alar ubicaciones aleatorias en el sistema de archivos. Esto tambi\u00e9n podr\u00eda permitir al atacante iniciar la instalaci\u00f3n de paquetes personalizados en estas ubicaciones. Esto s\u00f3lo puede explotarse una vez que el atacante se haya autenticado en el dispositivo. Este problema afecta a: versiones de Western Digital My Cloud Home y My Cloud Home Duo anteriores a 8.11.0-113 en Linux; Versiones de SanDisk ibi anteriores a 8.11.0-113 en Linux."}], "id": "CVE-2022-29836", "lastModified": "2022-11-15T14:51:49.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "psirt@wdc.com", "type": "Secondary"}]}, "published": "2022-11-09T21:15:14.507", "references": [{"source": "psirt@wdc.com", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-22016-my-cloud-home-ibi-firmware-version-8-11-0-113"}], "sourceIdentifier": "psirt@wdc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@wdc.com", "type": "Secondary"}]}