Chris Hernandez

**Name of the Vulnerable Software and Affected Versions** Microsoft Azure Site Recovery (affected versions not specified) **Description** The issue is related to insufficient access control in Microsoft Azure Site Recovery, which can be exploited to bypass existing security restrictions and elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud OS 5 versions prior to 5.10.122 Description: The issue is related to the mishandling of Symbolic Link Following on SMB and AFP shares. This can lead to code execution and information disclosure by reading local files. The vulnerability is associated with incorrect processing of symbolic links in the implementation of network protocols SMB and AFP in My Cloud OS. Recommendations: For Western Digital My Cloud OS 5 versions prior to 5.10.122, update to version 5.10.122 or later to resolve the issue. As a temporary workaround, consider restricting access to SMB and AFP shares to minimize the risk of exploitation. Avoid using SMB and AFP shares until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cryoserver Security Appliance version 7.3.x **Description** The issue concerns weak permissions for the /etc/init.d/cryoserver file, allowing local users to escalate privileges. This can be achieved by accessing the support account and executing the /bin/cryo-mgmt program. **Recommendations** For Cryoserver Security Appliance version 7.3.x, consider restricting access to the /etc/init.d/cryoserver file and the /bin/cryo-mgmt program to prevent privilege escalation. Additionally, review and secure the support account to minimize the risk of exploitation.