PT-2019-13351 · Sandisk+1 · Sandisk Ssd Dashboard+1

Published

2019-09-30

Updated

2020-08-24

CVE-2019-13466

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Western Digital SSD Dashboard versions prior to 2.5.1.0 SanDisk SSD Dashboard versions prior to 2.5.1.0

Description The issue is related to Incorrect Access Control. Specifically, the generate reports archive is protected with a hard-coded password, which poses a security risk. An update is available that addresses the protection of archive encryption.

Recommendations For Western Digital SSD Dashboard versions prior to 2.5.1.0, update to version 2.5.1.0 or later to address the issue. For SanDisk SSD Dashboard versions prior to 2.5.1.0, update to version 2.5.1.0 or later to address the issue.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2019-13466

Affected Products

Sandisk Ssd Dashboard

Western Digital Ssd Dashboard

PT-2019-13351 · Sandisk+1 · Sandisk Ssd Dashboard+1

CVE-2019-13466

Weakness Enumeration

Related Identifiers

Affected Products

References · 4