Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWDC PSIRTCVE-2023-22814
HistoryJul 01, 2023 - 12:15 a.m.

CVE-2023-22814

2023-07-0100:15:09
CWE-290
WDC PSIRT
web.nvd.nist.gov
9
cve-2023-22814
authentication bypass
spoofing
my cloud
os 5
security issue
nvd

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

62.4%

JSON

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack.

This issue affects My Cloud OS 5 devices: before 5.26.202.

Affected configurations

Nvd
Node
westerndigitalmy_cloudMatch-
OR
westerndigitalmy_cloud_dl2100Match-
OR
westerndigitalmy_cloud_dl4100Match-
OR
westerndigitalmy_cloud_ex2_ultraMatch-
OR
westerndigitalmy_cloud_ex2100Match-
OR
westerndigitalmy_cloud_ex4100Match-
OR
westerndigitalmy_cloud_mirror_g2Match-
OR
westerndigitalmy_cloud_pr2100Match-
OR
westerndigitalmy_cloud_pr4100Match-
OR
westerndigitalwd_cloudMatch-
AND
westerndigitalmy_cloud_osRange5.02.1045.26.202
VendorProductVersionCPE
westerndigitalmy_cloud-cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_dl2100-cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_dl4100-cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2_ultra-cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex2100-cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_ex4100-cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_mirror_g2-cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr2100-cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*
westerndigitalmy_cloud_pr4100-cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*
westerndigitalwd_cloud-cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud OS 5",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "5.26.202",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Related

nvd 1
prion 1
cvelist 1
openvas 1
nvd
nvd
CVE-2023-22814
2023-07-01 00:15:09
prion
prion
Authentication flaw
2023-07-01 00:15:00
cvelist
cvelist
CVE-2023-22814 Authentication Bypass issue in My Cloud OS 5 devices
2023-06-30 23:05:43
openvas
openvas
Western Digital My Cloud Multiple Products 5.x < 5.26.202 Multiple Vulnerabilities (WDC-23006, WDC-23009)
2023-05-19 00:00:00

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

62.4%

JSON
Related for CVE-2023-22814
nvd1prion1cvelist1openvas1