Intrusion PreventionWestern.Digital.MyCloud.multi_uploadify.Arbitrary.File.Upload
Description
This indicates an attack attempt to exploit a File Upload Vulnerability in Western Digital MyCloud.
The vulnerability is due to an input validation error while parsing a crafted HTTP request. A remote attacker could exploit this to execute arbitrary code within the context of the target application, via a crafted HTTP request.
Affected Products
Western Digital MyCloud
Western Digital My Cloud Gen 2
Western Digital My Cloud Mirror
Western Digital My Cloud PR2100
Western Digital My Cloud PR4100
Western Digital My Cloud EX2 Ultra
Western Digital My Cloud EX2
Western Digital My Cloud EX4
Western Digital My Cloud EX2100
Western Digital My Cloud EX4100
Western Digital My Cloud DL2100
Western Digital My Cloud DL4100
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://support.wdc.com/downloads.aspx?g=911&lang=en#firmware
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 45299 |
| Created | Dec 29, 2017 |
| Updated | Mar 13, 2018 |
| Risk |
|
| CVE ID | CVE-2017-17560 |
| Exploit Prediction Score | 97.24% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Other |