Western Digital My Cloud Multiple Products 5.0 < 5.23.114 Multiple Vulnerabilities (WDC-22011)

2022-07-2500:00:00

plugins.openvas.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.5%

JSON

Multiple Western Digital My Cloud products are prone to multiple
vulnerabilities.

# Copyright (C) 2022 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.104255");
  script_version("2022-07-27T10:11:28+0000");
  script_tag(name:"last_modification", value:"2022-07-27 10:11:28 +0000 (Wed, 27 Jul 2022)");
  script_tag(name:"creation_date", value:"2022-07-25 15:39:55 +0000 (Mon, 25 Jul 2022)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-09-24 21:49:00 +0000 (Fri, 24 Sep 2021)");

  # nb: CVEs for DSA-5126-1 got taken from https://security-tracker.debian.org/tracker/DSA-5126-1
  script_cve_id("CVE-2020-20891", "CVE-2020-20892", "CVE-2020-20896", "CVE-2020-21688", "CVE-2020-21697",
                "CVE-2021-3566", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0865", "CVE-2022-22999",
                "CVE-2022-29191", "CVE-2022-29192", "CVE-2022-29193", "CVE-2022-29194", "CVE-2022-29195",
                "CVE-2022-29196", "CVE-2022-29197", "CVE-2022-29198", "CVE-2022-29199", "CVE-2022-29200",
                "CVE-2022-29201", "CVE-2022-29202", "CVE-2022-29203", "CVE-2022-29204", "CVE-2022-29205",
                "CVE-2022-29206", "CVE-2022-29207", "CVE-2022-29208", "CVE-2022-29209", "CVE-2022-29210",
                "CVE-2022-29211", "CVE-2022-29212", "CVE-2022-29213", "CVE-2022-23000");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Western Digital My Cloud Multiple Products 5.0 < 5.23.114 Multiple Vulnerabilities (WDC-22011)");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_wd_mycloud_consolidation.nasl");
  script_mandatory_keys("wd-mycloud/detected");

  script_tag(name:"summary", value:"Multiple Western Digital My Cloud products are prone to multiple
  vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The following vulnerabilities exist / mitigation was done:

  - Updated ffmpeg to version 7:4.1.9-0+deb10u1 to resolve DSA-5126-1 that could result in a denial
  of service vulnerability

  - Updated libtiff to version 4.4.0 to resolve CVE-2022-0561, CVE-2022-0562, CVE-2022-0865 that
  could result in a denial of service vulnerability

  - Updated TensorFlow to version 2.6.5 to resolve multiple CVEs (CVE-2022-29191 through
  CVE-2022-29213) that could result in app crashes and denial of service vulnerability

  - Updated multiple apps to resolve an issue which could result in Cross Site Scripting (XSS)
  vulnerability

  - CVE-2022-22999: An attacker with elevated privileges to access drives being backed up is able to
  construct and inject JavaScript payloads into an authenticated user's browser

  - CVE-2022-23000: Western Digital My Cloud Web App uses a weak SSLContext when attempting to
  configure port forwarding rules. This was enabled to maintain compatibility with old or outdated
  home routers. As a result, a local user with least privileges can exploit this vulnerability and
  jeopardize the integrity, confidentiality and authenticity of information transmitted. This
  vulnerability was resolved by enabling TLS ConnectionSwitching to a 'TLS' context instead of
  'SSL'.");

  script_tag(name:"affected", value:"Western Digital My Cloud PR2100, My Cloud PR4100, My Cloud
  EX4100, My Cloud EX2 Ultra, My Cloud Mirror Gen 2, My Cloud DL2100, My Cloud DL4100, My Cloud
  EX2100, My Cloud and WD Cloud with firmware versions prior to 5.23.114.");

  script_tag(name:"solution", value:"Update to firmware version 5.23.114 or later.");

  script_xref(name:"URL", value:"https://community.wd.com/t/my-cloud-os-5-firmware-release-note-v5-23-114/278556");
  script_xref(name:"URL", value:"https://os5releasenotes.mycloud.com/#5.23.114");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-5126-1");
  script_xref(name:"URL", value:"https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

cpe_list = make_list("cpe:/o:wdc:wd_cloud_firmware",
                     "cpe:/o:wdc:my_cloud_firmware",
                     "cpe:/o:wdc:my_cloud_mirror_firmware",
                     "cpe:/o:wdc:my_cloud_ex2ultra_firmware",
                     "cpe:/o:wdc:my_cloud_ex2100_firmware",
                     "cpe:/o:wdc:my_cloud_ex4100_firmware",
                     "cpe:/o:wdc:my_cloud_dl2100_firmware",
                     "cpe:/o:wdc:my_cloud_dl4100_firmware",
                     "cpe:/o:wdc:my_cloud_pr2100_firmware",
                     "cpe:/o:wdc:my_cloud_pr4100_firmware");

if (!infos = get_app_version_from_list(cpe_list: cpe_list, nofork: TRUE, version_regex: "^[0-9]+\.[0-9]+\.[0-9]+")) # nb: The HTTP Detection is only able to extract the major release like 2.30
  exit(0);

version = infos["version"];

if (version_in_range_exclusive(version: version, test_version_lo: "5.0", test_version_up: "5.23.114")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "5.23.114");
  security_message(port: 0, data: report);
  exit(0);
}

exit(99);