CVE-2022-36329 - OpenCVE

An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Westerndigital	My Cloud Home My Cloud Home Duo My Cloud Home Duo Firmware My Cloud Home Firmware Sandisk Ibi Sandisk Ibi Firmware

Configuration 1 [-]

AND

cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*

cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*

cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*

cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191

History

No history.

MITRE

Status: PUBLISHED

Assigner: WDC PSIRT

Published: 2023-05-10T19:23:29.702Z

Updated: 2024-08-03T10:00:04.370Z

Reserved: 2022-07-20T13:57:56.405Z

Link: CVE-2022-36329

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-10T20:15:09.530

Modified: 2023-05-18T21:20:43.717

Link: CVE-2022-36329

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-36329", "assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "state": "PUBLISHED", "assignerShortName": "WDC PSIRT", "dateReserved": "2022-07-20T13:57:56.405Z", "datePublished": "2023-05-10T19:23:29.702Z", "dateUpdated": "2024-08-03T10:00:04.370Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "My Cloud Home and My Cloud Home Duo", "vendor": "Western Digital", "versions": [{"lessThan": "9.4.0-191", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "ibi", "vendor": "SanDisk", "versions": [{"lessThan": "9.4.0-191", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.<p>This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.</p>"}], "value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT", "dateUpdated": "2023-05-10T22:07:39.132Z"}, "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><p>All devices will be automatically updated to reflect the latest firmware version.</p></div></div><div><div><div></div></div></div>"}], "value": "All devices will be automatically updated to reflect the latest firmware version.\n\n\n\n\n\n\n\n\n\n\n\n"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial of Service over OTA mechanism in Western Digital My Cloud Home and ibi devices", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.370Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D471C39A-0854-4755-9DF8-5BAABAB09619", "versionEndExcluding": "9.4.0-191", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*", "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A0368E6-53C8-4BD2-B0E8-44464B245832", "versionEndExcluding": "9.4.0-191", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*", "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13A2FB91-CCCF-42B1-BCE1-F4962D353593", "versionEndExcluding": "9.4.0-191", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.\n\n"}], "id": "CVE-2022-36329", "lastModified": "2023-05-18T21:20:43.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "psirt@wdc.com", "type": "Secondary"}]}, "published": "2023-05-10T20:15:09.530", "references": [{"source": "psirt@wdc.com", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"}], "sourceIdentifier": "psirt@wdc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@wdc.com", "type": "Secondary"}]}