CVE-2023-22817 : Server-side request forgery (SSRF) vulnerability that could allow a rogue server

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

Published 2024-02-05 22:15:55

Updated 2024-02-13 14:27:09

Source Western Digital

View at NVD, CVE.org

Vulnerability category: Server-side request forgery (SSRF)

Products affected by CVE-2023-22817

Westerndigital » My Cloud Pr4100 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Pr4100 » Version: N/A
Westerndigital » My Cloud Ex2 Ultra Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Ex2 Ultra » Version: N/A
Westerndigital » My Cloud Ex2100 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Ex2100 » Version: N/A
Westerndigital » My Cloud Ex4100 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Ex4100 » Version: N/A
Westerndigital » My Cloud Dl2100 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Dl2100 » Version: N/A
Westerndigital » My Cloud Dl4100 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Dl4100 » Version: N/A
Westerndigital » My Cloud Pr2100 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Pr2100 » Version: N/A
Westerndigital » Wd Cloud Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » Wd Cloud » Version: N/A
Westerndigital » My Cloud Home Firmware
Versions before (<) 9.5.1-104
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Home » Version: N/A
Westerndigital » My Cloud Home Duo Firmware
Versions before (<) 9.5.1-104
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Home Duo » Version: N/A
Westerndigital » My Cloud Mirror G2 Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Mirror G2 » Version: N/A
Westerndigital » Sandisk Ibi Firmware
Versions before (<) 9.5.1-104
cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » Sandisk Ibi » Version: N/A
Westerndigital » My Cloud Glacier Firmware
Versions before (<) 5.27.161
cpe:2.3:o:westerndigital:my_cloud_glacier_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Westerndigital » My Cloud Glacier » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-22817

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-22817

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	1.8	3.6	NIST	2024-02-13
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	1.8	3.6	Western Digital	2024-02-05
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2023-22817

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Assigned by:
- nvd@nist.gov (Primary)
- psirt@wdc.com (Secondary)

References for CVE-2023-22817

https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update

WDC-24001 Western Digital My Cloud OS 5, My Cloud Home & Duo and SanDisk ibi Firmware Update | Western Digital
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-22817

Products affected by CVE-2023-22817

Exploit prediction scoring system (EPSS) score for CVE-2023-22817

CVSS scores for CVE-2023-22817

CWE ids for CVE-2023-22817

References for CVE-2023-22817