CVE-2022-23000
Last modified
CVE-2022-23000 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Westerndigital | My Cloud Pr2100 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Pr4100 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Ex4100 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Ex2 Ultra Firmware | < 5.23.114 |
| Westerndigital | My Cloud Mirror G2 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Dl2100 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Dl4100 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Ex2100 Firmware | < 5.23.114 |
| Westerndigital | My Cloud Firmware | < 5.23.114 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23000?
How severe is CVE-2022-23000?
How do I fix CVE-2022-23000?
Are you affected by CVE-2022-23000?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST