← Back

CVE-2023-22817

nvd nist
Published: Feb 5, 2024Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104. 

Affected (13)

Westerndigital
13 products
My Cloud Pr2100 Firmware
My Cloud Pr4100 Firmware
My Cloud Ex4100 Firmware
My Cloud Ex2 Ultra Firmware
My Cloud Mirror G2 Firmware
My Cloud Dl2100 Firmware
My Cloud Dl4100 Firmware
My Cloud Ex2100 Firmware
My Cloud Glacier Firmware
Wd Cloud Firmware
My Cloud Home Firmware
My Cloud Home Duo Firmware
Sandisk Ibi Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Pr2100 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Pr2100
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Pr4100 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Pr4100
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex4100 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Ex4100
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex2 Ultra Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Ex2 Ultra
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Mirror G2 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Mirror G2
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Dl2100 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Dl2100
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Dl4100 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Dl4100
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Ex2100 Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Ex2100
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Glacier Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
My Cloud Glacier
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wd Cloud Firmware
Before 5.27.161
Running on/withPlatform Versions
Westerndigital
Wd Cloud
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Home Firmware
Before 9.5.1-104
Running on/withPlatform Versions
Westerndigital
My Cloud Home
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
My Cloud Home Duo Firmware
Before 9.5.1-104
Running on/withPlatform Versions
Westerndigital
My Cloud Home Duo
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sandisk Ibi Firmware
Before 9.5.1-104
Running on/withPlatform Versions
Westerndigital
Sandisk Ibi
All versions

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

Source: psirt@wdc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.