CVE-2022-22995 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
WDC PSIRT	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
westerndigital	my_cloud_pr2100_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_pr4100_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_ex4100_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_ex2_ultra_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_mirror_gen_2_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_dl2100_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_dl4100_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_ex2100_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_firmware	𝑥 < 5.19.117
westerndigital	wd_cloud_firmware	𝑥 < 5.19.117
westerndigital	my_cloud_home_firmware	𝑥 < 7.16-220
netatalk	netatalk	𝑥 < 3.1.18

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

netatalk

bullseye (security)	vulnerable
bullseye	no-dsa
sid	4.0.3~ds-2 fixed
trixie	4.0.3~ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

netatalk

noble	not-affected
mantic	ignored
lunar	ignored
jammy	Fixed 3.1.12~ds-9ubuntu0.22.04.3+esm1 released
focal	Fixed 3.1.12~ds-4ubuntu0.20.04.3+esm1 released
bionic	not-affected
xenial	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/

https://security.gentoo.org/glsa/202311-02

https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html

https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/

https://security.gentoo.org/glsa/202311-02

https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities