Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-23006

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Published

2022-09-27T23:15:12.720

Last Modified

2024-11-21T06:47:47.487

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 1.8 (LOW)

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	westerndigital	my_cloud_home_firmware	< 8.10.0-117	Yes
Hardware	westerndigital	my_cloud_home	-	No
Operating System	westerndigital	my_cloud_home_duo_firmware	< 8.10.0-117	Yes
Hardware	westerndigital	my_cloud_home_duo	-	No
Operating System	westerndigital	sandisk_ibi_firmware	< 8.10.0-117	Yes
Hardware	westerndigital	sandisk_ibi	-	No

References

https://nvd.nist.gov/vuln/detail/CVE-2022-23006 Third Party Advisory, US Government Resource ([email protected])
https://www.westerndigital.com/support/product-security/wdc-22015-western-digital-my-cloud-home-and-sandisk-ibi-firmware-version-8-10-0-117 Vendor Advisory ([email protected])
https://nvd.nist.gov/vuln/detail/CVE-2022-23006 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)