Published: 13/01/2022 Updated: 12/10/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 571

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated malicious user to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
westerndigital edgerover

Western Digital tells EdgeRover users to patch app again

The Register • Dan Robinson • 01 Jan 1970

Get our weekly newsletter Critical vulnerability may have allowed an attacker to escalate local privileges

Users of Western Digital's EdgeRover app for Windows and Mac are advised to download an updated version to avoid a security flaw that might allow an attacker unauthorized access to directories and files. The flaw, which was given the CVE identification number CVE-2022-22988, carries a Common Vulnerability Scoring System (CVSS) severity rating of 9.1, making it a critical weakness. It has now been addressed, however, with a modification to the way EdgeRover handles file and directory permissions....

CVE-2022-22988

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect