Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-22815

Published: 30/06/2023 Updated: 28/08/2023
CVSS v3 Base Score: 6.7 | Impact Score: 5.5 | Exploitability Score: 1.2
VMScore: 0
Subscribe to My Cloud Os

Vulnerability Summary

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an malicious user to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have admin/root privileges to carry out the exploit. An authentication bypass is required for this exploit, thereby making it more complex. The attack may not require user interaction. Since an attacker must already be authenticated, the confidentiality impact is low while the integrity and availability impact is high.  This issue affects My Cloud OS 5 devices: prior to 5.26.300.

Vulnerable Product Search on Vulmon Subscribe to Product

westerndigital my_cloud_os

References

CWE-77https://www.westerndigital.com/support/product-security/wdc-23010-my-cloud-firmware-version-5-26-300https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700CVE-2022-48689CVE-2024-27956CVE-2023-6363SQLNULL pointer dereferenceCVE-2023-41830CVE-2015-2051arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook