CVE-2023-22814

Published: Jul 1, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

Affected (1)

Products: Westerndigital: My Cloud Os

Westerndigital

1 product

My Cloud Os

Configuration A

1 vulnerable · 10 platform

Vulnerable Software	Affected Versions
Westerndigital My Cloud Os	From 5.02.104 to 5.26.202

Running on/with	Platform Versions
Westerndigital My Cloud	All versions
Westerndigital My Cloud Dl2100	All versions
Westerndigital My Cloud Dl4100	All versions
Westerndigital My Cloud Ex2100	All versions
Westerndigital My Cloud Ex2 Ultra	All versions
Westerndigital My Cloud Ex4100	All versions
Westerndigital My Cloud Mirror G2	All versions
Westerndigital My Cloud Pr2100	All versions
Westerndigital My Cloud Pr4100	All versions
Westerndigital Wd Cloud	All versions

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

Source: psirt@wdc.com

Vendor Advisory

https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.