cbcvebase.
CVE-2022-22995
published 2022-03-25

Priority: P358 | critical | 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.66% (83.8th percentile)

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting this combination of primitives, an attacker can execute arbitrary code.

Affected

21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | netatalk | < netatalk 3.1.12~ds-8+deb11u2 (bullseye) | netatalk 3.1.12~ds-8+deb11u2 (bullseye) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| netatalk | netatalk | < 3.1.18 | 3.1.18 |
| netatalk | netatalk | >= 0 < 3.1.12~ds-8+deb11u2 | 3.1.12~ds-8+deb11u2 |
| netatalk | netatalk | >= 0 < 3.1.18~ds-1 | 3.1.18~ds-1 |
| netatalk | netatalk | >= 0 < 3.1.18~ds-1 | 3.1.18~ds-1 |
| western_digital | my_cloud | >= My Cloud OS 5 < 5.19.117 | 5.19.117 |
| western_digital | my_cloud_home | >= My Cloud Home < 7.16-220 | 7.16-220 |
| westerndigital | my_cloud_dl2100_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_dl4100_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_ex2100_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_ex2_ultra_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_ex4100_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_home_firmware | < 7.16-220 | 7.16-220 |
| westerndigital | my_cloud_mirror_gen_2_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_pr2100_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | my_cloud_pr4100_firmware | < 5.19.117 | 5.19.117 |
| westerndigital | wd_cloud_firmware | < 5.19.117 | 5.19.117 |

CVSS provenance

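| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |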