CVE-2023-22817

CVSS V2 None CVSS V3 None

Description

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

Overview

CVE ID
CVE-2023-22817

Assigner
WDC PSIRT

Vulnerability Status
PUBLISHED

Published Version
2024-02-05T21:26:42.020Z

Last Modified Date
2024-02-05T21:26:42.020Z

Weakness Enumerations

CWE	URL
CWE-918	http://cwe.mitre.org/data/definitions/918.html

References

Reference URL	Reference Tags
https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-22817
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22817

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 14:30:48				Added to TrackCVE