Resource exhaustion in Western Digital products - CVE-2023-22819
Published: February 6, 2024 / Updated: February 7, 2024
Vulnerability identifier: #VU86124
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-22819
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL2100
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud (Glacier)
My Cloud Home
My Cloud Home Duo
SanDisk ibi
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror G2
My Cloud DL2100
My Cloud DL4100
My Cloud EX2100
WD Cloud
My Cloud (Glacier)
My Cloud Home
My Cloud Home Duo
SanDisk ibi
Software vendor:
Western Digital
Western Digital
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the RESTSDK server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.