CVE-2022-22989 — Stack-based Buffer Overflow in Digital MY Cloud

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 20.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Western Digital MY Cloud Westerndigital MY Cloud OS

Timeline

PublishedJan 13

Latest updateJan 14

Description

My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5western_digital/my_cloudMy Cloud OS 5 — 5.19.117

▶NVDwesterndigital/my_cloud_os< 5.19.117

🔴Vulnerability Details

GHSA

GHSA-xjqw-8fp3-69c2: My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service↗2022-01-14

▶