PT-2024-1673 · Western Digital+1 · Western Digital My Cloud Os 5+2
S_N_T
+1
·
Published
2024-02-05
·
Updated
2024-09-05
·
CVE-2023-22819
CVSS v2.0
6.1
Medium
| Vector | AV:N/AC:L/Au:M/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud Home versions before 9.5.1-104
Western Digital My Cloud Home Duo versions before 9.5.1-104
SanDisk ibi versions before 9.5.1-104
Western Digital My Cloud OS 5 versions before 5.27.161
Description
An uncontrolled resource consumption issue could arise by sending crafted requests to a service, consuming a large amount of memory and eventually resulting in the service being stopped and restarted. This issue requires the attacker to already have root privileges in order to exploit it. The issue may allow remote attackers to create a denial-of-service condition.
Recommendations
For Western Digital My Cloud Home versions before 9.5.1-104, update to version 9.5.1-104 or later.
For Western Digital My Cloud Home Duo versions before 9.5.1-104, update to version 9.5.1-104 or later.
For SanDisk ibi versions before 9.5.1-104, update to version 9.5.1-104 or later.
For Western Digital My Cloud OS 5 versions before 5.27.161, update to version 5.27.161 or later.
As a temporary workaround, consider restricting access to the vulnerable service to minimize the risk of exploitation.
Fix
Resource Exhaustion
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sandisk Ibi
Western Digital My Cloud Home
Western Digital My Cloud Os 5