PT-2023-3277 · Sandisk+1 · Sandisk Ibi+3

Noam Moshe +3 · Published 2023-03-23 · Updated 2023-06-21 · CVE-2022-36331

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Western Digital My Cloud versions prior to 5.25.132
My Cloud Home and My Cloud Home Duo versions prior to 8.13.1-102
SanDisk ibi versions prior to 8.13.1-102

Description

The issue is an authentication bypass vulnerability that enables an impersonation attack. An unauthenticated remote attacker can exploit it to gain access to user data and potentially execute arbitrary code.

Recommendations

For Western Digital My Cloud versions prior to 5.25.132, update to version 5.25.132 or later to resolve the issue.
For My Cloud Home and My Cloud Home Duo versions prior to 8.13.1-102, update to version 8.13.1-102 or later to resolve the issue.
For SanDisk ibi versions prior to 8.13.1-102, update to version 8.13.1-102 or later to resolve the issue.
As a temporary workaround, consider restricting access to the devices until a patch is applied.

Fix

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

BDU:2023-03408
CVE-2022-36331
ZDI-23-846
ZDI-23-847

Affected Products

My Cloud Home
My Cloud Home Duo
SanDisk ibi
Western Digital My Cloud