{
    "CVE_data_meta": {
        "ASSIGNER": "psirt@wdc.com",
        "ID": "CVE-2022-22995",
        "STATE": "PUBLIC",
        "TITLE": "Western Digital My Cloud OS 5 and My Cloud Home Unauthenticated Arbitrary File Write Vulnerability in Netatalk"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "My Cloud",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "Linux",
                                            "version_affected": "<",
                                            "version_name": "My Cloud OS 5",
                                            "version_value": " 5.19.117"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "My Cloud Home",
                                "version": {
                                    "version_data": [
                                        {
                                            "platform": "Android ",
                                            "version_affected": "<",
                                            "version_name": "My Cloud Home",
                                            "version_value": " 7.16-220"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Western Digital"
                }
            ]
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "Corentin BAYET (@OnlyTheDuck), Etienne HELLUY-LAFONT and Luca MORO (@johncool__) from Synacktiv working with Trend Micro\u2019s Zero Day Initiative"
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities",
                "name": "https://www.westerndigital.com/support/product-security/wdc-22005-netatalk-security-vulnerabilities"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2023-cec97f7b5d",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XO34FWOIJI6V6PH2XY52WNBBARVWPJG2/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2023-ef901c862c",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T5CZZLFOTUP3QYHGHSDUNENGSLPJ6KGO/"
            },
            {
                "refsource": "GENTOO",
                "name": "GLSA-202311-02",
                "url": "https://security.gentoo.org/glsa/202311-02"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2023-39f0ec3879",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55ROUJI22SHZX5EM23QAILZHI67EZQKW/"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20240104 [SECURITY] [DLA 3706-1] netatalk security update",
                "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00000.html"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."
        }
    ],
    "source": {
        "discovery": "EXTERNAL"
    }
}