CVE-2022-22995

EUVD-2022-28106
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
WDC PSIRTCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
westerndigitalmy_cloud_pr2100_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_pr4100_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_ex4100_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_ex2_ultra_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_mirror_gen_2_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_dl2100_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_dl4100_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_ex2100_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_firmware
𝑥
< 5.19.117
westerndigitalwd_cloud_firmware
𝑥
< 5.19.117
westerndigitalmy_cloud_home_firmware
𝑥
< 7.16-220
netatalknetatalk
𝑥
< 3.1.18
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
netatalk
bullseye
no-dsa
bullseye (security)
vulnerable
sid
4.0.3~ds-2
fixed
trixie
4.0.3~ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
netatalk
bionic
not-affected
focal
Fixed 3.1.12~ds-4ubuntu0.20.04.3+esm1
released
jammy
Fixed 3.1.12~ds-9ubuntu0.22.04.3+esm1
released
lunar
ignored
mantic
ignored
noble
not-affected
trusty
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/
https://security.gentoo.org/glsa/202311-02
https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities
https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/
https://security.gentoo.org/glsa/202311-02
https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities