PT-2024-1674 · Western Digital · My Cloud Home Duo +3

S_N_T +1 · Published 2024-02-05 · Updated 2024-02-13 · CVE-2023-22817

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

My Cloud OS versions prior to 5.27.161
My Cloud Home versions prior to 9.5.1-104
My Cloud Home Duo versions prior to 9.5.1-104
SanDisk ibi versions prior to 9.5.1-104

Description

The issue is a server-side request forgery (SSRF) vulnerability. It could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter, potentially exploiting other vulnerabilities on the local server. The vulnerability is associated with insufficient validation of incoming requests.

Recommendations

For My Cloud OS versions prior to 5.27.161, update to version 5.27.161 or later. For My Cloud Home, My Cloud Home Duo, and SanDisk ibi versions prior to 9.5.1-104, update to version 9.5.1-104 or later. As a temporary workaround, consider restricting access to the DNS addresses that refer to the loopback adapter to minimize the risk of exploitation.
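
The kind of validation the description says was insufficient, as an added defensive example (not Western Digital's code): resolve the destination host once, refuse it if any answer is a loopback address, and pin the connection to the checked IP. All function names and the sample DNS records are hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class BlockedDestination(ValueError):
    """Raised when a URL resolves to an address the device must not call."""


def system_resolver(host):
    """Return every address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return [info[4][0] for info in infos]


def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped forms like ::ffff:127.0.0.1."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback


def pinned_destination(url, resolver=system_resolver):
    """Resolve the URL's host once and return (host, ip) to connect to.

    Refuses the URL if any resolved address is loopback. The caller should
    connect to the returned ip instead of resolving the name a second time.
    """
    host = urlsplit(url).hostname
    if not host:
        raise BlockedDestination("URL has no host: %r" % url)
    addrs = resolver(host)
    if not addrs:
        raise BlockedDestination("no addresses for %s" % host)
    for addr in addrs:
        if is_loopback(addr):
            raise BlockedDestination("%s resolves to loopback %s" % (host, addr))
    return host, addrs[0]


# Constructed sample records (documentation-range names and addresses).
SAMPLE_DNS = {
    "updates.example.net": ["192.0.2.10"],
    "rogue.example.net": ["192.0.2.66", "127.0.0.1"],
    "mapped.example.net": ["::ffff:127.0.0.1"],
}


def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])
```

Checking every returned address, not just the first, matters because a name can carry several records and the client may pick any of them.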

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-01361
CVE-2023-22817
ZDI-24-087

Affected Products

My Cloud Home
My Cloud Home Duo
My Cloud OS
SanDisk ibi