SSRF Vulnerability in Western Digital My Cloud Devices Allows Server Impersonation and Unauthorized Access

SSRF Vulnerability in Western Digital My Cloud Devices Allows Server Impersonation and Unauthorized Access

CVE-2022-22993 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.

Learn more about our Cis Benchmark Audit For Server Software.