CVE-2022-23006
Summary
| CVE | CVE-2022-23006 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-09-27 23:15:00 UTC |
| Updated | 2022-10-03 18:40:00 UTC |
| Description | A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Westerndigital | My Cloud Home | - | All | All | All |
| Hardware | Westerndigital | My Cloud Home Duo | - | All | All | All |
| Operating System | Westerndigital | My Cloud Home Duo Firmware | All | All | All | All |
| Operating System | Westerndigital | My Cloud Home Firmware | All | All | All | All |
| Hardware | Westerndigital | Sandisk Ibi | - | All | All | All |
| Operating System | Westerndigital | Sandisk Ibi Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| NVD - CVE-2022-23006 | MISC | nvd.nist.gov | |
| WDC-22015 Western Digital My Cloud Home and SanDisk ibi Firmware Version 8.10.0-117 | Western Digital | MISC | www.westerndigital.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.