CVE-2022-22992
📋 TL;DR
This CVE describes a command injection vulnerability in Western Digital My Cloud devices that allows remote attackers to execute arbitrary system commands. The vulnerability occurs when user input is not properly sanitized before being passed to shell functions. All users of affected Western Digital My Cloud devices are at risk.
💻 Affected Systems
- Western Digital My Cloud devices running My Cloud OS 5
📦 What is this software?
My Cloud OS by Western Digital
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise, allowing an attacker to install malware, steal data, pivot to internal networks, or use the device as part of a botnet.
Likely Case
Data theft, ransomware deployment, or the device being used for cryptocurrency mining or DDoS attacks.
If Mitigated
Limited impact with proper network segmentation and access controls, though the device itself could still be compromised.
🎯 Exploit Status
Command injection vulnerabilities are typically easy to exploit once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: My Cloud OS 5 firmware version 5.19.117
Vendor Advisory: https://www.westerndigital.com/support/product-security/wdc-22002-my-cloud-os5-firmware-5-19-117
Restart Required: Yes
Instructions:
1. Log into the My Cloud device web interface.
2. Navigate to Settings > Firmware Update.
3. Check for updates and install version 5.19.117.
4. Reboot the device after installation completes.
🔧 Temporary Workarounds
Network Isolation
Remove the device from internet exposure and restrict network access.
Disable Remote Access
Turn off remote access features in the device settings.
🧯 If You Can't Patch
- Isolate device on separate VLAN with strict firewall rules
- Disable all remote access features and require VPN for access
🔍 How to Verify
Check if Vulnerable:
Check firmware version in device web interface under Settings > Firmware Update
Check Version:
Not applicable - check via web interface only
Verify Fix Applied:
Confirm firmware version shows 5.19.117 or higher
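A small helper for the two checks above, added here as an example (it is not part of the advisory or Western Digital's own tooling): it pulls the dotted firmware version out of whatever text the web interface shows (the surrounding wording is assumed) and compares it numerically against 5.19.117, because a plain string comparison would wrongly rank 5.19.9 above 5.19.117.

```python
import re

# Fixed release named in the vendor advisory for this CVE (My Cloud OS 5).
FIXED_VERSION = "5.19.117"


def parse_version(text: str) -> tuple:
    """Extract the first dotted numeric version (e.g. '5.19.117') from a string
    copied from the Settings > Firmware Update page and return it as a tuple of
    ints, so that components compare numerically rather than lexically."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        raise ValueError(f"no firmware version found in {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def is_fixed(reported: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported firmware is at or above the fixed release."""
    have, need = parse_version(reported), parse_version(fixed)
    # Pad the shorter tuple with zeros so '5.19' compares as '5.19.0'.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def assess(reported: str) -> str:
    """Classify a firmware string: 'fixed', 'vulnerable', or 'not-os5' when the
    major version is not 5 (this advisory only covers the My Cloud OS 5 line)."""
    version = parse_version(reported)
    if version[0] != 5:
        return "not-os5"
    return "fixed" if is_fixed(reported) else "vulnerable"


if __name__ == "__main__":
    # Constructed sample strings, not captured from a real device.
    for shown in ("Firmware version: 5.19.117", "5.19.9", "5.21.104", "2.41.116"):
        print(f"{shown!r:32} -> {assess(shown)}")
```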
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by successful access
Network Indicators:
- Unusual outbound connections from device
- Traffic to known malicious IPs
SIEM Query:
source="mycloud" AND (event="command_execution" OR event="shell_execution")