Lucene search

WDC PSIRTCVELIST:CVE-2023-22814

HistoryJun 30, 2023 - 11:05 p.m.

CVE-2023-22814 Authentication Bypass issue in My Cloud OS 5 devices

2023-06-3023:05:43

CWE-290

WDC PSIRT

www.cve.org

cve-2023-22814

authentication bypass

my cloud os 5

spoofing

impersonation attack

security issue

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.

This issue affects My Cloud OS 5 devices: before 5.26.202.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud OS 5",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "5.26.202",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

9.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Related for CVELIST:CVE-2023-22814