Test ID:	1.3.6.1.4.1.25623.1.0.114299
Category:	General
Title:	Western Digital My Cloud Multiple Products 5.x < 5.27.161 Multiple Vulnerabilities (WDC-24001)
Summary:	Multiple Western Digital My Cloud products are prone to; multiple vulnerabilities.
Description:	Summary: Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2023-22817: Addressed a server-side request forgery vulnerability by fixing DNS addresses that refer to loopback. This could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. - CVE-2023-22819: Addressed an uncontrolled resource consumption issue on a particular endpoint that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted. Affected Software/OS: Western Digital My Cloud PR2100, My Cloud PR4100, My Cloud EX2 Ultra, My Cloud EX4100, My Cloud Mirror Gen 2, My Cloud EX2100, My Cloud DL2100, My Cloud DL4100, My Cloud and WD Cloud with firmware prior to version 5.27.161. Solution: Update to firmware version 5.27.161 or later. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-22817 https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update Common Vulnerability Exposure (CVE) ID: CVE-2023-22819
Copyright	Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.