10
CVE-2022-36331
- EPSS 0.28%
- Published 12.06.2023 18:15:09
- Last modified 21.11.2024 07:12:48
- Source psirt@wdc.com
- Teams watchlist Login
- Open Login
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.
Data is provided by the National Vulnerability Database (NVD)
Westerndigital ≫ My Cloud Pr2100 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Pr4100 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Ex4100 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Ex2 Ultra Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Mirror G2 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Dl2100 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Dl4100 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Ex2100 Firmware Version < 5.25.132
Westerndigital ≫ My Cloud Home Firmware Version < 8.13.1-102
Westerndigital ≫ My Cloud Home Duo Firmware Version < 8.13.1-102
Westerndigital ≫ Sandisk Ibi Firmware Version < 8.13.1-102
Westerndigital ≫ My Cloud Firmware Version < 5.25.132
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.513 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| psirt@wdc.com | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.