Unrated severityNVD Advisory· Published Feb 5, 2024· Updated Aug 2, 2024

Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products

CVE-2023-22817

Description

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

Affected products

Sandisk/ibicpe-rescue
Range: 0
Western Digital/My Cloud Home & Duov5
Range: 0
Western Digital/My Cloud OS 5v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-updatemitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000