Lucene search

[email protected]NVD:CVE-2023-22814

HistoryJul 01, 2023 - 12:15 a.m.

CVE-2023-22814

2023-07-0100:15:09

CWE-290

[email protected]

web.nvd.nist.gov

cve-2023-22814

token-based authentication

impersonation attack

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.

This issue affects My Cloud OS 5 devices: before 5.26.202.

Affected configurations

NVD

Node

westerndigitalmy_cloudMatch-

westerndigitalmy_cloud_dl2100Match-

westerndigitalmy_cloud_dl4100Match-

westerndigitalmy_cloud_ex2_ultraMatch-

westerndigitalmy_cloud_ex2100Match-

westerndigitalmy_cloud_ex4100Match-

westerndigitalmy_cloud_mirror_g2Match-

westerndigitalmy_cloud_pr2100Match-

westerndigitalmy_cloud_pr4100Match-

westerndigitalwd_cloudMatch-

AND

westerndigitalmy_cloud_osRange5.02.104–5.26.202

References

www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.8%

JSON

Related for NVD:CVE-2023-22814

prion1 cve1 cvelist1 openvas1