#VU65773 Algorithm Downgrade in Western Digital products - CVE-2022-23000
Published: July 26, 2022
Vulnerability identifier: #VU65773
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-23000
CWE-ID: CWE-757
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL2100
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud
My Cloud OS 5
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL2100
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud
My Cloud OS 5
Software vendor:
Western Digital
Western Digital
Description
The vulnerability allows a local attacker to bypass certain security restrictions.
The vulnerability exists due to a weak SSLContext when attempting to configure port forwarding rules. A local attacker can jeopardize the integrity, confidentiality and authenticity of information transmitted.
Remediation
Install updates from vendor's website.