Lucene search

WDC PSIRTCVE-2022-36331

HistoryJun 12, 2023 - 6:15 p.m.

CVE-2022-36331

2023-06-1218:15:09

CWE-290

WDC PSIRT

web.nvd.nist.gov

cve-2022-36331

vulnerability

western digital

my cloud

sandisk ibi

impersonation attack

authentication

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

46.4%

JSON

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.
This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

Affected configurations

Nvd

Node

westerndigitalmy_cloud_pr2100Match-

AND

westerndigitalmy_cloud_pr2100_firmwareRange<5.25.132

Node

westerndigitalmy_cloud_pr4100Match-

AND

westerndigitalmy_cloud_pr4100_firmwareRange<5.25.132

Node

westerndigitalmy_cloud_ex4100_firmwareRange<5.25.132

AND

westerndigitalmy_cloud_ex4100Match-

Node

westerndigitalmy_cloud_ex2_ultra_firmwareRange<5.25.132

AND

westerndigitalmy_cloud_ex2_ultraMatch-

Node

westerndigitalmy_cloud_mirror_g2_firmwareRange<5.25.132

AND

westerndigitalmy_cloud_mirror_g2Match-

Node

westerndigitalmy_cloud_dl2100_firmwareRange<5.25.132

AND

westerndigitalmy_cloud_dl2100Match-

Node

westerndigitalmy_cloud_dl4100Match-

AND

westerndigitalmy_cloud_dl4100_firmwareRange<5.25.132

Node

westerndigitalmy_cloud_ex2100Match-

AND

westerndigitalmy_cloud_ex2100_firmwareRange<5.25.132

Node

westerndigitalmy_cloud_homeMatch-

AND

westerndigitalmy_cloud_home_firmwareRange<8.13.1-102

Node

westerndigitalmy_cloud_home_duoMatch-

AND

westerndigitalmy_cloud_home_duo_firmwareRange<8.13.1-102

Node

westerndigitalsandisk_ibiMatch-

AND

westerndigitalsandisk_ibi_firmwareRange<8.13.1-102

Node

westerndigitalmy_cloudMatch-

AND

westerndigitalmy_cloud_firmwareRange<5.25.132

VendorProductVersionCPE
westerndigitalmy_cloud_pr2100-cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr2100_firmware*cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr4100-cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr4100_firmware*cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex4100_firmware*cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex4100-cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2_ultra_firmware*cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2_ultra-cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_mirror_g2_firmware*cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*
westerndigitalmy_cloud_mirror_g2-cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
westerndigital	my_cloud_pr2100	-	cpe:2.3:h:westerndigital:my_cloud_pr2100:-:::::::*
westerndigital	my_cloud_pr2100_firmware	*	cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware::::::::
westerndigital	my_cloud_pr4100	-	cpe:2.3:h:westerndigital:my_cloud_pr4100:-:::::::*
westerndigital	my_cloud_pr4100_firmware	*	cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware::::::::
westerndigital	my_cloud_ex4100_firmware	*	cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware::::::::
westerndigital	my_cloud_ex4100	-	cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
westerndigital	my_cloud_ex2_ultra_firmware	*	cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware::::::::
westerndigital	my_cloud_ex2_ultra	-	cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:::::::*
westerndigital	my_cloud_mirror_g2_firmware	*	cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware::::::::
westerndigital	my_cloud_mirror_g2	-	cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:::::::*

Rows per page:

1-10 of 241

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud OS 5",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "5.25.132",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud Home and My Cloud Home Duo",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": " 8.13.1-102",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ibi",
    "vendor": "SanDisk",
    "versions": [
      {
        "lessThan": " 8.13.1-102",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update

www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

46.4%

JSON

Related for CVE-2022-36331