CVE-2022-23000

Name of the Vulnerable Software and Affected Versions Western Digital My Cloud Web App (affected versions not specified)

Description The issue is related to the use of a weak SSLContext in the Western Digital My Cloud Web App when configuring port forwarding rules. This weakness is due to the use of an "SSL" context instead of "TLS" or stronger validation, allowing deprecated or insecure protocols. As a result, a local user without privileges can exploit this weakness, potentially compromising the integrity, confidentiality, and authenticity of transmitted information. The impact is limited to this component, and no user input is required for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.