CVE-2022-22995

high-risk
Published 2022-03-25

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 4be6b7fd47045601e97ad3f180f1164615f25a4d
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (15)

My Cloud Pr2100 Firmware
My Cloud Ex4100 Firmware
My Cloud Ex2 Ultra Firmware
My Cloud Mirror Gen 2 Firmware
My Cloud Dl2100 Firmware
My Cloud Dl4100 Firmware
My Cloud Ex2100 Firmware
My Cloud Firmware
Wd Cloud Firmware
My Cloud Home Firmware

Affected Vendors

Netatalk Fedoraproject Westerndigital

References (13)

https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Issue Tracking https://security.gentoo.org/glsa/202311-02
Vendor Advisory https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-secur...
https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00026.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Issue Tracking https://security.gentoo.org/glsa/202311-02
Vendor Advisory https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-secur...
52
/ 100
high-risk
Severity 33/34 · Critical
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate