Lucene search

[email protected]CVE-2022-36326

HistoryMay 18, 2023 - 6:15 p.m.

CVE-2022-36326

2023-05-1818:15:09

CWE-400

[email protected]

web.nvd.nist.gov

cve-2022-36326

vulnerability

resource consumption

western digital

my cloud home

my cloud home duo

sandisk ibi

my cloud os 5

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.6%

JSON

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.

Affected configurations

NVD

Node

westerndigitalmy_cloudMatch-

westerndigitalmy_cloud_dl2100Match-

westerndigitalmy_cloud_dl4100Match-

westerndigitalmy_cloud_ex2_ultraMatch-

westerndigitalmy_cloud_ex2100Match-

westerndigitalmy_cloud_ex4100Match-

westerndigitalmy_cloud_mirror_g2Match-

westerndigitalmy_cloud_pr2100Match-

westerndigitalmy_cloud_pr4100Match-

westerndigitalwd_cloudMatch-

AND

westerndigitalmy_cloud_os_5Range<5.26.202

Node

westerndigitalmy_cloud_homeMatch-

AND

westerndigitalmy_cloud_home_firmwareRange<9.4.0-191

Node

westerndigitalsandisk_ibiMatch-

AND

westerndigitalsandisk_ibi_firmwareRange<9.4.0-191

Node

westerndigitalmy_cloud_home_duoMatch-

AND

westerndigitalmy_cloud_home_duo_firmwareRange<9.4.0-191

CPENameOperatorVersion
westerndigital:my_cloud_os_5westerndigital my cloud os 5lt5.26.202

CPE	Name	Operator	Version
westerndigital:my_cloud_os_5	westerndigital my cloud os 5	lt	5.26.202

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud Home and My Cloud Home Duo",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": " 9.4.0-191",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ibi",
    "vendor": "SanDisk",
    "versions": [
      {
        "lessThan": " 9.4.0-191",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud OS 5",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "5.26.202",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]