CVE-2022-22990

7.8 HIGH

📋 TL;DR

CVE-2022-22990 is a limited authentication bypass in Western Digital My Cloud OS5 devices: a flaw in the web server's PHP script rewrite rules and access-token validation lets an attacker without valid credentials reach functionality that should sit behind the login, potentially leading to remote code execution and privilege escalation. It affects My Cloud OS5 devices running firmware before 5.19.117. A successful attacker gains unauthorized access to the network-attached storage system and the data on it.

💻 Affected Systems

Products:
  • Western Digital My Cloud devices running My Cloud OS5
Versions: My Cloud OS5 firmware versions before 5.19.117
Operating Systems: My Cloud OS5
Default Config Vulnerable: ⚠️ Yes
Notes: Devices in their default configuration are vulnerable. The flaw lies in the web server's PHP script rewrite rules and in how access tokens are validated.

📦 What is this software?

Western Digital My Cloud is a family of network-attached storage (NAS) appliances for home and small-business use. My Cloud OS5 is the firmware line for these devices; it provides the web management interface, file-sharing services and optional remote (cloud) access to the stored data.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with remote code execution, data theft, ransomware deployment, and persistent backdoor installation on affected My Cloud devices.

🟠 Likely Case

Unauthorized access to stored files, configuration tampering, and potential lateral movement within the network from compromised storage devices.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls; at worst, exposure of storage data without system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ Yes
Complexity: LOW

Multiple advisories confirm the exploitation details. The bypass itself needs no valid credentials; the vendor describes it as a limited bypass, and the reported exploitation ends in RCE on the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: My Cloud OS5 firmware version 5.19.117

Vendor Advisory: https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117

Restart Required: Yes

Instructions:

1. Log into the My Cloud device web interface.
2. Navigate to Settings > Firmware Update.
3. Check for updates and install version 5.19.117 or later.
4. Reboot the device after the installation completes.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate My Cloud devices from the internet and restrict internal network access to the management interface.

Access Control Lists (applies to: all)

Implement strict firewall rules that limit access to the device to trusted IPs only.

🧯 If You Can't Patch

  • Disable remote access features and ensure devices are not internet-facing
  • Implement strict network segmentation and monitor for unusual authentication attempts

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in the My Cloud web interface under Settings > Firmware Update. Versions below 5.19.117 are vulnerable. Compare the version numerically, component by component: as a plain string, "5.9.115" sorts after "5.19.117" and would be misreported as patched.

Check Version:

Via the web interface, or over SSH if it is enabled:

cat /etc/version

Verify Fix Applied:

Confirm that the firmware version shows 5.19.117 or higher after the update. If you have a test device, also confirm that requests to administrative pages from a session that has not logged in are rejected rather than served.
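The version check above is easy to get wrong when done across a fleet, because a string comparison on "major.minor.build" misorders versions. The following is an added example, not Western Digital's code or a tool from the page: it parses version strings as they are printed by the web UI or by cat /etc/version, compares them as integer tuples against the 5.19.117 fix from the vendor advisory, and refuses to treat an unparseable string as patched. The device labels and version strings in the sample inventory are constructed.

```python
"""Triage My Cloud OS5 firmware versions against the CVE-2022-22990 fix (5.19.117).

Added example, not vendor code. The fixed version comes from the vendor advisory;
the sample inventory below is constructed for illustration.
"""
import re
from typing import List, Tuple

# First My Cloud OS5 release that fixes CVE-2022-22990 (from the vendor advisory).
FIXED_VERSION: Tuple[int, ...] = (5, 19, 117)

# Accepts "5.19.117", an optional leading "v", and surrounding whitespace
# (cat /etc/version prints a trailing newline).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse 'major.minor.build' into a tuple of ints.

    Raises ValueError on anything else so that an unparseable string is never
    silently classified as patched.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised firmware version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text: str) -> bool:
    """True if the firmware predates 5.19.117.

    Integer-tuple comparison avoids the string-ordering trap where
    '5.9.115' > '5.19.117' because '9' > '1'.
    """
    return parse_version(version_text) < FIXED_VERSION


# Constructed sample inventory: (device label, version string as reported).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("nas-01", "5.19.117"),
    ("nas-02", "5.18.117"),
    ("nas-03", "5.9.115\n"),   # as 'cat /etc/version' would print it
    ("nas-04", "5.21.104"),
]


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the labels of devices that still need the update, in inventory order."""
    return [label for label, ver in inventory if is_vulnerable(ver)]


if __name__ == "__main__":
    for label, ver in SAMPLE_INVENTORY:
        state = "VULNERABLE" if is_vulnerable(ver) else "patched"
        print(f"{label}: {ver.strip()} -> {state}")
    print("needs update:", triage(SAMPLE_INVENTORY))
```

Feed it the version strings collected from each device (for example, the output of cat /etc/version over SSH); anything that fails to parse raises rather than disappearing from the "needs update" list.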

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful access from the same client
  • Requests to PHP scripts that do not follow a successful login
  • Access from unexpected IP addresses

Network Indicators:

  • HTTP requests reaching protected pages without a preceding request to the login endpoint
  • Unusual traffic to PHP scripts on port 80/443

SIEM Query:

source="mycloud.log" AND ("authentication bypass" OR ("PHP script" AND "unauthorized"))

The quoted terms are placeholders, and the grouping is explicit because AND binds tighter than OR in most query languages. The device's web server log will not literally contain the phrase "authentication bypass"; build the real query on the access-log fields (client address, request path, status code), looking for a 401/403 followed shortly by a 200 from the same client and for .php requests from outside the trusted address range.
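The two log indicators above (failure followed by success from the same client, and PHP endpoint access from an unexpected address) can be checked mechanically. The following is an added example, not code from the page or from Western Digital: it parses Apache/nginx-style combined access-log lines and runs both checks. The log format, the trusted address range, the 60-second window and the request paths are assumptions, and the log lines are constructed; the device's real log format and field names may differ.

```python
"""Run the detection section's two log indicators over access-log lines.

Added example, not vendor code. Assumes a combined access-log format; the sample
lines, paths and trusted range below are constructed.
"""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed: the LAN the device is meant to serve, and how close a failure and a
# success must be to count as the same attempt.
TRUSTED = [ip_network("192.168.1.0/24")]
WINDOW = timedelta(seconds=60)

# Constructed sample: a normal login from the LAN, then an outside client that is
# rejected and two seconds later served the same PHP page, then another outside
# client requesting a PHP page directly.
SAMPLE_LOG = """\
192.168.1.10 - - [10/Jan/2022:10:00:00 +0000] "POST /login HTTP/1.1" 200 512
192.168.1.10 - - [10/Jan/2022:10:00:05 +0000] "GET /web/index.php HTTP/1.1" 200 2048
203.0.113.7 - - [10/Jan/2022:10:01:00 +0000] "GET /web/admin.php HTTP/1.1" 401 0
203.0.113.7 - - [10/Jan/2022:10:01:02 +0000] "GET /web/admin.php HTTP/1.1" 200 4096
198.51.100.9 - - [10/Jan/2022:11:30:00 +0000] "GET /web/other.php HTTP/1.1" 200 100
"""


def parse_log(text: str) -> List[dict]:
    """Parse log lines into events; lines that do not match are skipped, not assumed benign."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"],
            "status": int(m["status"]),
        })
    return events


def failed_then_success(events: List[dict], window: timedelta = WINDOW) -> List[Tuple[str, str, str]]:
    """Indicator 1: a 401/403 followed within `window` by a 200 on a PHP path, same client.

    Returns (client ip, failed path, served path) for each match.
    """
    last_fail: Dict[str, dict] = {}
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["status"] in (401, 403):
            last_fail[ev["ip"]] = ev
        elif ev["status"] == 200 and ".php" in ev["path"]:
            fail = last_fail.get(ev["ip"])
            if fail and ev["ts"] - fail["ts"] <= window:
                hits.append((ev["ip"], fail["path"], ev["path"]))
                del last_fail[ev["ip"]]  # report each failure once
    return hits


def untrusted_php_access(events: List[dict], trusted=TRUSTED) -> List[Tuple[str, str]]:
    """Indicator 2: any request for a PHP script from outside the trusted range.

    Returns unique (client ip, path) pairs, sorted for stable output.
    """
    hits = set()
    for ev in events:
        if ".php" not in ev["path"]:
            continue
        if not any(ip_address(ev["ip"]) in net for net in trusted):
            hits.add((ev["ip"], ev["path"]))
    return sorted(hits)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ip, failed, served in failed_then_success(evs):
        print(f"fail-then-success from {ip}: {failed} (rejected) -> {served} (served)")
    for ip, path in untrusted_php_access(evs):
        print(f"PHP request from outside trusted range: {ip} {path}")
```

Both checks are deliberately simple so the logic is visible: the first keys on status codes rather than on any phrase in the log text, and the second treats every PHP request from outside the LAN as reportable, which matches the workaround of only allowing trusted IPs in the first place.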
