CVE-2015-7709

Name of the Vulnerable Software and Affected Versions Western Digital Arkeia versions 11.0.12 and earlier

Description The issue is related to insufficient access control in the arkeiad daemon of the Arkeia Backup Agent, allowing remote attackers to bypass authentication. Attackers can execute arbitrary commands by sending a series of crafted requests involving the ARKFS EXEC CMD operation.

Recommendations For Western Digital Arkeia versions 11.0.12 and earlier, consider restricting access to the arkeiad daemon to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the ARKFS EXEC CMD operation in the affected daemon until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.