Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.108929
Category:Web application abuses
Title:Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities
Summary:Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Description:Summary:
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.

Vulnerability Insight:
The following issues have been addressed:

- Apache updated to version 2.4.38 (CVE-2019-0211)

- Webfile viewer disabled for non-admin users (CVE-2019-9949)

- Removed remember-me mechanism from login page

- Resolved authenticated arbitrary file operation and authenticated command injection vulnerabilities

- Added protection against file patht raversal

- Resolved authentication bypass vulnerability

- Mitigation added for user session hijacking

- Added protection against cookie modification vulnerabilities

Affected Software/OS:
Western Digital My Cloud with firmware versions prior to 2.31.183.

Solution:
Update to firmware version 2.31.183 or later.

Note: Some My Cloud products are already end-of-life and doesn't receive any updates anymore.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-0211
BugTraq ID: 107666
http://www.securityfocus.com/bid/107666
Bugtraq: 20190403 [SECURITY] [DSA 4422-1] apache2 security update (Google Search)
https://seclists.org/bugtraq/2019/Apr/5
Bugtraq: 20190407 [slackware-security] httpd (SSA:2019-096-01) (Google Search)
https://seclists.org/bugtraq/2019/Apr/16
Debian Security Information: DSA-4422 (Google Search)
https://www.debian.org/security/2019/dsa-4422
https://www.exploit-db.com/exploits/46676/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
https://security.gentoo.org/glsa/201904-20
http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html
http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html
http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html
http://www.apache.org/dist/httpd/CHANGES_2.4.39
https://httpd.apache.org/security/vulnerabilities_24.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/02/3
http://www.openwall.com/lists/oss-security/2019/07/26/7
RedHat Security Advisories: RHBA-2019:0959
https://access.redhat.com/errata/RHBA-2019:0959
RedHat Security Advisories: RHSA-2019:0746
https://access.redhat.com/errata/RHSA-2019:0746
RedHat Security Advisories: RHSA-2019:0980
https://access.redhat.com/errata/RHSA-2019:0980
RedHat Security Advisories: RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1296
RedHat Security Advisories: RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1297
RedHat Security Advisories: RHSA-2019:1543
https://access.redhat.com/errata/RHSA-2019:1543
SuSE Security Announcement: openSUSE-SU-2019:1190 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
SuSE Security Announcement: openSUSE-SU-2019:1209 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
SuSE Security Announcement: openSUSE-SU-2019:1258 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
https://usn.ubuntu.com/3937-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9949
https://bnbdr.github.io/posts/wd/
https://github.com/bnbdr/wd-rce/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.