Lucene search

WDC PSIRTCVELIST:CVE-2022-29839

HistoryDec 09, 2022 - 12:00 a.m.

CVE-2022-29839 Remote Backups Application Discloses Stored Credentials

2022-12-0900:00:00

CWE-522

WDC PSIRT

www.cve.org

cve-2022-29839

insufficiently protected credentials

remote backups application

western digital my cloud

vulnerability

stored credentials

linux

CVSS3

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

12.7%

JSON

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

CNA Affected

[
  {
    "vendor": "Western Digital",
    "product": "My Cloud",
    "versions": [
      {
        "version": "My Cloud",
        "status": "affected",
        "lessThan": "5.25.124",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Linux"
    ]
  }
]

References

www.westerndigital.com/support/product-security/wdc-22019-my-cloud-firmware-version-5-25-124

CVSS3

4.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2022-29839