CVE-2019-9949

Severity CVSS v4.0:

Pending analysis

Type:

CWE-59 Link Following

Publication date:

23/05/2019

Last modified:

29/05/2019

Description

Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100, DL2100, DL4100, PR2100 and PR4100 before firmware 2.31.183 are affected by a code execution (as root, starting from a low-privilege user session) vulnerability. The cgi-bin/webfile_mgr.cgi file allows arbitrary file write by abusing symlinks. Specifically, this occurs by uploading a tar archive that contains a symbolic link, then uploading another archive that writes a file to the link using the "cgi_untar" command. Other commands might also be susceptible. Code can be executed because the "name" parameter passed to the cgi_unzip command is not sanitized.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.80 HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

8.80

Severity 3.x

HIGH

Vector 2.0

AV:N/AC:L/Au:S/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 9.00 HIGH
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

9.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:westerndigital:my_cloud_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_mirror_gen2_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_mirror_gen2:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_ex2100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_dl2100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_dl4100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware::::::::		2.31.183 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:westerndigital:my_cloud_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_mirror_gen2_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_mirror_gen2:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_ex2100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_dl2100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware::::::::		2.31.183 (excluding)
cpe:2.3:h:westerndigital:my_cloud_dl4100:-:::::::*
cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware::::::::		2.31.183 (excluding)

CVE-2019-9949

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools