{"containers": {"cna": {"affected": [{"platforms": ["Linux"], "product": "My Cloud", "vendor": "Western Digital", "versions": [{"lessThan": "5.23.114", "status": "affected", "version": "My Cloud OS 5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an \"SSL\" context instead of \"TLS\" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-757", "description": "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T18:46:02.000Z", "orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"}], "solutions": [{"lang": "en", "value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."}], "source": {"discovery": "UNKNOWN"}, "title": "Weak Default SSL use in Port Forwarding Service", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@wdc.com", "ID": "CVE-2022-23000", "STATE": "PUBLIC", "TITLE": "Weak Default SSL use in Port Forwarding Service"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "My Cloud", "version": {"version_data": [{"platform": "Linux", "version_affected": "<", "version_name": "My Cloud OS 5", "version_value": "5.23.114"}]}}]}, "vendor_name": "Western Digital"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an \"SSL\" context instead of \"TLS\" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')"}]}]}, "references": {"reference_data": [{"name": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114", "refsource": "MISC", "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"}]}, "solution": [{"lang": "en", "value": "To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification."}], "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:28:43.001Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"}]}]}, "cveMetadata": {"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "assignerShortName": "WDC PSIRT", "cveId": "CVE-2022-23000", "datePublished": "2022-07-25T18:46:02.000Z", "dateReserved": "2022-01-10T00:00:00.000Z", "dateUpdated": "2024-08-03T03:28:43.001Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "20F89970-BE6B-4D54-B507-DBC44B1FD14F", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB474374-298B-4A60-AB5C-C7422EF7FB57", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB3A72C6-7461-4916-B443-C3332AC458C1", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69DC6E33-18F7-45D7-9169-FA8888E74A7B", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*", "matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9226338-8147-4C13-8556-BA5FA55FDD26", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDE68BF0-E806-40BB-862F-C440CA151A73", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EB1A9E9-1DC9-40F9-8606-D5BAC39FB651", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17E97D4A-8015-4FEB-8450-ED8C70D4E702", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA960F88-8DB3-4A9C-9303-51ED5FAF1A7A", "versionEndExcluding": "5.23.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A9EE86B-05EE-4F2E-A912-624DDCF9C41B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an \"SSL\" context instead of \"TLS\" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability."}, {"lang": "es", "value": "La aplicaci\u00f3n web Western Digital My Cloud [https://os5.mycloud.com/] usa un SSLContext d\u00e9bil cuando intenta configurar reglas de reenv\u00edo de puertos. Esto fue habilitado para mantener la compatibilidad con routers dom\u00e9sticos antiguos o anticuados. Al usar un contexto \"SSL\" en lugar de \"TLS\" o especificar una comprobaci\u00f3n m\u00e1s fuerte, son permitidos protocolos obsoletos o no seguros. Como resultado, un usuario local no privilegiado puede explotar esta vulnerabilidad y poner en peligro la integridad, confidencialidad y autenticidad de la informaci\u00f3n transmitida. El alcance del impacto no puede extenderse a otros componentes y no es requerida ninguna entrada del usuario para explotar esta vulnerabilidad"}], "id": "CVE-2022-23000", "lastModified": "2024-11-21T06:47:46.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.7, "source": "psirt@wdc.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-25T19:15:30.787", "references": [{"source": "psirt@wdc.com", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114"}], "sourceIdentifier": "psirt@wdc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-757"}], "source": "psirt@wdc.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}