Western Digital My Cloud NAS Web Administration HTTP Service File Upload Vulnerability

A vulnerability in Western Digital My Cloud could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system.

The vulnerability is in the /web/jquery/uploader/multi_uploadify.php function of the affected software and is due to insufficient authentication by the affected software. An attacker could exploit this vulnerability by submitting a crafted PHP shell to a targeted system. A successful exploit could allow the attacker to execute arbitrary code as root on the targeted system.

Functional code that demonstrates an exploit of this vulnerability is publicly available.

Western Digital has confirmed the vulnerability and released firmware updates.

Analysis
  • To exploit this vulnerability, the attacker must submit a crafted PHP shell to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.
Safeguards
  • Administrators are advised to apply the appropriate updates.

    Administrators are advised to allow only trusted users to have network access.

    Administrators can help protect affected systems from external attacks by using a solid firewall strategy.

    Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

    Administrators are advised to monitor affected systems.

Vendor Announcements
  • Western Digital has released security information at the following link: CVE-2017-17560
Fixed Software




Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: