PT-2022-19869 · Western Digital · Western Digital My Cloud
Published
2022-12-09
·
Updated
2022-12-12
·
CVE-2022-29839
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud versions prior to 5.25.124 on Linux.
Description
The issue is related to an Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices. This could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data.
Recommendations
For Western Digital My Cloud versions prior to 5.25.124 on Linux, update to version 5.25.124 or later to resolve the issue. As a temporary workaround, consider restricting access to the remote backups application to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Western Digital My Cloud