fkie_nvd - fkie_cve-2022-36331

fkie_cve-2022-36331

Vulnerability from fkie_nvd

Published

2023-06-12 18:15

Modified

2024-11-21 07:12

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

References

URL	Tags
psirt@wdc.com	https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update	Broken Link
nvd@nist.gov	https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update	Broken Link

Impacted products

Vendor	Product	Version
westerndigital	my_cloud_pr2100_firmware	*
westerndigital	my_cloud_pr2100	-
westerndigital	my_cloud_pr4100_firmware	*
westerndigital	my_cloud_pr4100	-
westerndigital	my_cloud_ex4100_firmware	*
westerndigital	my_cloud_ex4100	-
westerndigital	my_cloud_ex2_ultra_firmware	*
westerndigital	my_cloud_ex2_ultra	-
westerndigital	my_cloud_mirror_g2_firmware	*
westerndigital	my_cloud_mirror_g2	-
westerndigital	my_cloud_dl2100_firmware	*
westerndigital	my_cloud_dl2100	-
westerndigital	my_cloud_dl4100_firmware	*
westerndigital	my_cloud_dl4100	-
westerndigital	my_cloud_ex2100_firmware	*
westerndigital	my_cloud_ex2100	-
westerndigital	my_cloud_home_firmware	*
westerndigital	my_cloud_home	-
westerndigital	my_cloud_home_duo_firmware	*
westerndigital	my_cloud_home_duo	-
westerndigital	sandisk_ibi_firmware	*
westerndigital	sandisk_ibi	-
westerndigital	my_cloud_firmware	*
westerndigital	my_cloud	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B66F84E3-4B1F-4359-9CB9-C4DA88012CBC",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41816E5B-6A6F-47AF-8EB3-065CEAE2F905",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B95A4FC-8694-42CA-8F12-0EB42A596B2C",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CF78188-7B7B-4672-8553-34616F21E740",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BDE1153-A1A1-495C-BADA-409721BBC3F3",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AE31BDF-EF2A-4A9F-AFEA-EDA4125598D4",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9AC1B82-BDCC-42F6-AFCF-BDC036EDBA23",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71600FC4-BF21-4BA4-BC67-DC9EA43920DC",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0D7EFC-04BD-467F-89A8-50A5E6541F75",
              "versionEndExcluding": "8.13.1-102",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19584F79-F6AD-4348-A420-D6D7634C678B",
              "versionEndExcluding": "8.13.1-102",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "470DB475-1C91-43F7-A0E1-0B38FEC6AAA3",
              "versionEndExcluding": "8.13.1-102",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0CF5DA-8CEC-4E0C-864F-D18B79F92E0F",
              "versionEndExcluding": "5.25.132",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data.\nThis issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.\n\n"
    }
  ],
  "id": "CVE-2022-36331",
  "lastModified": "2024-11-21T07:12:48.703",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "psirt@wdc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-12T18:15:09.747",
  "references": [
    {
      "source": "psirt@wdc.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update"
    }
  ],
  "sourceIdentifier": "psirt@wdc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "psirt@wdc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-36331 (GCVE-0-2022-36331)

Vulnerability from cvelistv5

Published

2023-06-12 17:57

Modified

2025-01-03 14:48

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-290 - Authentication Bypass by Spoofing

Summary

References

►

URL

Tags

https://https://www.westerndigital.com/support/product-security/wdc-22020-my-cloud-os-5-my-cloud-home-ibi-firmware-update

Impacted products

Vendor

Product

Version

►

Western Digital

My Cloud OS 5

Version: 0 < 5.25.132

	Western Digital	My Cloud Home and My Cloud Home Duo	Version: 0 < 8.13.1-102
	SanDisk	ibi	Version: 0 < 8.13.1-102

Show details on NVD website