CVE-2022-23006
6.7
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.8 / Impact: 5.9
Source: NVD
Description
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
Affected (3)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.10.0-117 |
| Running on/with | Platform Versions |
|---|---|
Westerndigital My Cloud Home | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.10.0-117 |
| Running on/with | Platform Versions |
|---|---|
Westerndigital My Cloud Home Duo | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 8.10.0-117 |
| Running on/with | Platform Versions |
|---|---|
Westerndigital Sandisk Ibi | All versions |
Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (3)
Source: psirt@wdc.com
Third Party AdvisoryUS Government Resource
Source: nvd@nist.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Timeline
No history available yet.