Lucene search

[email protected]CVE-2023-22819

HistoryFeb 05, 2024 - 10:15 p.m.

CVE-2023-22819

2024-02-0522:15:55

CWE-400

[email protected]

web.nvd.nist.gov

cve-2023-22819

uncontrolled resource consumption

vulnerability

western digital

my cloud home

my cloud home duo

sandisk ibi

my cloud os 5

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.1%

JSON

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.

Affected configurations

NVD

Node

westerndigitalmy_cloud_pr4100Match-

AND

westerndigitalmy_cloud_pr4100_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_ex4100Match-

AND

westerndigitalmy_cloud_ex4100_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_ex2_ultraMatch-

AND

westerndigitalmy_cloud_ex2_ultra_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_mirror_g2Match-

AND

westerndigitalmy_cloud_mirror_g2_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_dl2100Match-

AND

westerndigitalmy_cloud_dl2100_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_dl4100Match-

AND

westerndigitalmy_cloud_dl4100_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_ex2100Match-

AND

westerndigitalmy_cloud_ex2100_firmwareRange<5.27.161

Node

westerndigitalmy_cloud_glacierMatch-

AND

westerndigitalmy_cloud_glacier_firmwareRange<5.27.161

Node

westerndigitalwd_cloud_firmwareRange<5.27.161

AND

westerndigitalwd_cloudMatch-

Node

westerndigitalmy_cloud_home_firmwareRange<9.5.1-104

AND

westerndigitalmy_cloud_homeMatch-

Node

westerndigitalmy_cloud_home_duo_firmwareRange<9.5.1-104

AND

westerndigitalmy_cloud_home_duoMatch-

Node

westerndigitalsandisk_ibi_firmwareRange<9.5.1-104

AND

westerndigitalsandisk_ibiMatch-

CPENameOperatorVersion
westerndigital:my_cloud_pr4100_firmwarewesterndigital my cloud pr4100 firmwarelt5.27.161

CPE	Name	Operator	Version
westerndigital:my_cloud_pr4100_firmware	westerndigital my cloud pr4100 firmware	lt	5.27.161

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud OS 5",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "5.27.161",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "My Cloud Home & Duo",
    "vendor": "Western Digital",
    "versions": [
      {
        "lessThan": "9.5.1-104",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "ibi",
    "vendor": "SanDisk",
    "versions": [
      {
        "lessThan": "9.5.1-104",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]