CVE-2022-22990
published 2022-01-13


Priority: P3, 55, high
CVSS 3.1: 8.8 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 2.12% (79.6th percentile)

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

Affected

2 ranges
Vendor           Product      Version range                 Fixed in
western_digital  my_cloud     >= My Cloud OS 5 < 5.19.117   5.19.117
westerndigital   my_cloud_os  < 5.19.117                    5.19.117

CVSS provenance

nvd  v3.1  8.8  HIGH  CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v2.0  8.3  HIGH  AV:A/AC:L/Au:N/C:C/I:C/A:C