The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
|
History
04 Jan 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Dec 2023, 15:19
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
|
First Time |
Netatalk netatalk
Netatalk Fedoraproject Fedoraproject fedora |
|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/ - Mailing List | |
References | () https://security.gentoo.org/glsa/202311-02 - Issue Tracking, Third Party Advisory |
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Nov 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Oct 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2022, 01:12
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_mirror_gen_2:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_mirror_gen_2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:* cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:* cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:* |
|
First Time |
Westerndigital my Cloud Pr2100 Firmware
Westerndigital my Cloud Ex4100 Westerndigital my Cloud Ex2 Ultra Westerndigital my Cloud Pr2100 Westerndigital my Cloud Pr4100 Westerndigital Westerndigital my Cloud Home Westerndigital wd Cloud Westerndigital my Cloud Home Firmware Westerndigital my Cloud Dl2100 Westerndigital my Cloud Mirror Gen 2 Westerndigital wd Cloud Firmware Westerndigital my Cloud Mirror Gen 2 Firmware Westerndigital my Cloud Ex2100 Westerndigital my Cloud Pr4100 Firmware Westerndigital my Cloud Dl4100 Westerndigital my Cloud Firmware Westerndigital my Cloud Westerndigital my Cloud Ex2 Ultra Firmware Westerndigital my Cloud Dl4100 Firmware Westerndigital my Cloud Ex2100 Firmware Westerndigital my Cloud Ex4100 Firmware Westerndigital my Cloud Dl2100 Firmware |
|
CWE | CWE-59 |
25 Mar 2022, 23:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-25 23:15
Updated : 2024-01-04 22:15
NVD link : CVE-2022-22995
Mitre link : CVE-2022-22995
CVE.ORG link : CVE-2022-22995
JSON object : View
Products Affected
netatalk
- netatalk
westerndigital
- wd_cloud
- my_cloud_dl2100
- my_cloud_mirror_gen_2_firmware
- my_cloud_home
- my_cloud_ex4100_firmware
- my_cloud_pr2100_firmware
- my_cloud_dl4100_firmware
- my_cloud_dl2100_firmware
- my_cloud_dl4100
- wd_cloud_firmware
- my_cloud_pr4100
- my_cloud_firmware
- my_cloud_home_firmware
- my_cloud_ex4100
- my_cloud_pr4100_firmware
- my_cloud
- my_cloud_ex2_ultra
- my_cloud_pr2100
- my_cloud_ex2100_firmware
- my_cloud_ex2_ultra_firmware
- my_cloud_mirror_gen_2
- my_cloud_ex2100
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')