6.7
CVE-2022-23006
- EPSS 0.05%
- Published 27.09.2022 23:15:12
- Last modified 21.11.2024 06:47:47
- Source psirt@wdc.com
- Teams watchlist Login
- Open Login
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
Data is provided by the National Vulnerability Database (NVD)
Westerndigital ≫ My Cloud Home Firmware Version < 8.10.0-117
Westerndigital ≫ My Cloud Home Duo Firmware Version < 8.10.0-117
Westerndigital ≫ Sandisk Ibi Firmware Version < 8.10.0-117
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.171 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 0.8 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| psirt@wdc.com | 1.8 | 0.3 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.