CVE-2023-22817 — Server-Side Request Forgery in IBI

CWE-918 — Server-Side Request Forgery CWE-94 — Code Injection CWE-95 — Eval Injection CWE-77 — Command Injection4 documents4 sources

Severity

5.5MEDIUMNVD

GHSA9.8

EPSS

0.1%

top 71.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sandisk IBI Western Digital MY Cloud Home DUO Western Digital MY Cloud OS 5 +14 more

Timeline

PublishedFeb 5

Latest updateFeb 6

Description

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages17 packages

▶CVEListV5western_digital/my_cloud_home_duo< 9.5.1-104

▶NVDwesterndigital/my_cloud_home_firmware< 9.5.1-104

▶NVDwesterndigital/my_cloud_home_duo_firmware< 9.5.1-104

▶CVEListV5western_digital/my_cloud_os_5< 5.27.161

▶NVDwesterndigital/wd_cloud_firmware< 5.27.161

🔴Vulnerability Details

GHSA

GHSA-ff78-2q7q-3gpw: Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to p↗2024-02-06

▶

GHSA

Arbitrary Code Execution in Pillow↗2024-01-19

▶

📋Vendor Advisories

Red Hat

pillow: Arbitrary Code Execution via the environment parameter↗2024-01-19

▶