Description:
Summary: Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Vulnerability Insight: The following vulnerabilities exist:
- Updated OpenSSL to version 1.1.1n-0+deb11u5 to resolve CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650 that could result in inadequate encryption, app crashes, use-after-free or denial of service attacks
- Updated Curl to version 7.74.0-1.3+deb11u7 to resolve CVE-2021-22946, CVE-2022-27774, CVE-2022-32221, CVE-2022-43552, CVE-2023-23916 that could allow an attacker to expose possibly sensitive data in clear text over the network, obtain sensitive information or leak credentials, exploit a use-after-free vulnerability, or allocate resources without limits
- Updated Avahi to version 0.8-5+deb11u2 to resolve CVE-2021-3468 that could allow a local attacker to trigger an infinite loop, which may result in unavailability of the Avahi service
- Updated Samba to version 4.13.13+dfsg-1~deb11u5 to resolve CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32746 that could allow an attacker to obtain sensitive information, cause a memory leak, or gain unauthorized access
- Updated open-source Kerberos library to version krb5_1.18.3-6+deb11u3 to resolve CVE-2022-42898 that may lead to remote code execution, buffer overflow, or cause a denial of service
- Improved the security posture of the FTP Downloads application
Affected Software/OS: Western Digital My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX4100, My Cloud Mirror Gen 2, My Cloud EX2100, My Cloud DL2100, My Cloud DL4100, My Cloud and WD Cloud with firmware prior to version 5.27.157.
Solution: Update to firmware version 5.27.157 or later.
CVSS Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N