Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-29839
HistoryDec 09, 2022 - 6:15 p.m.

CVE-2022-29839

2022-12-0918:15:18
CWE-522
[email protected]
web.nvd.nist.gov
25
cve-2022-29839
insufficiently protected credentials
vulnerability
remote backups
data security
western digital my cloud

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

Affected configurations

NVD
Node
westerndigitalmy_cloudMatch-
OR
westerndigitalmy_cloud_dl2100Match-
OR
westerndigitalmy_cloud_dl4100Match-
OR
westerndigitalmy_cloud_ex2_ultraMatch-
OR
westerndigitalmy_cloud_ex2100Match-
OR
westerndigitalmy_cloud_ex4100Match-
OR
westerndigitalmy_cloud_mirror_g2Match-
OR
westerndigitalmy_cloud_pr2100Match-
OR
westerndigitalmy_cloud_pr4100Match-
OR
westerndigitalwd_cloudMatch-
OR
linuxlinux_kernelMatch-
AND
westerndigitalmy_cloud_osRange<5.25.124

CNA Affected

[
  {
    "vendor": "Western Digital",
    "product": "My Cloud",
    "versions": [
      {
        "version": "My Cloud",
        "status": "affected",
        "lessThan": "5.25.124",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Linux"
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
openvas 1
nvd
nvd
CVE-2022-29839
2022-12-09 18:15:18
prion
prion
Design/Logic Flaw
2022-12-09 18:15:00
cvelist
cvelist
CVE-2022-29839 Remote Backups Application Discloses Stored Credentials
2022-12-09 00:00:00
openvas
openvas
Western Digital My Cloud Multiple Products 5.x < 5.25.124 Multiple Vulnerabilities (WDC-22019)
2022-12-19 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2022-29839
nvd1prion1cvelist1openvas1