English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.117567
Category:General
Title:Western Digital My Cloud Multiple Products 5.0 < 5.15.106 Unauthorized Access Vulnerability (WDC-21009)
Summary:Multiple Western Digital My Cloud products are prone to a; vulnerability that could allow unauthorized access via SSH.
Description:Summary:
Multiple Western Digital My Cloud products are prone to a
vulnerability that could allow unauthorized access via SSH.

Vulnerability Insight:
My Cloud devices were using weak 1024-bit DSA keys that could
allow the device to be impersonated. This could lead to credential theft, which might eventually
cause a device compromise. However, since RSA keys are the default for modern SSH clients, the
impact of this vulnerability is limited to older SSH clients or if an attacker blocks a client
from using RSA keys. My Cloud Firmware 5.15.106 contains updates to harden the SSH configuration
and improve the security of the My Cloud devices.

Affected Software/OS:
Western Digital My Cloud PR2100, My Cloud PR4100, My Cloud EX2
Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud Mirror Gen 2, My Cloud DL2100, My Cloud DL4100,
My Cloud (P/N: WDBCTLxxxxxx-10) and WD Cloud (Japan) with firmware versions prior to 5.15.106.

Solution:
Update to firmware version 5.15.106 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-4000
http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
BugTraq ID: 74733
http://www.securityfocus.com/bid/74733
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc
http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727
http://support.apple.com/kb/HT204941
http://support.apple.com/kb/HT204942
http://support.citrix.com/article/CTX201114
http://www-01.ibm.com/support/docview.wss?uid=swg21959111
http://www-01.ibm.com/support/docview.wss?uid=swg21959195
http://www-01.ibm.com/support/docview.wss?uid=swg21959325
http://www-01.ibm.com/support/docview.wss?uid=swg21959453
http://www-01.ibm.com/support/docview.wss?uid=swg21959481
http://www-01.ibm.com/support/docview.wss?uid=swg21959517
http://www-01.ibm.com/support/docview.wss?uid=swg21959530
http://www-01.ibm.com/support/docview.wss?uid=swg21959539
http://www-01.ibm.com/support/docview.wss?uid=swg21959636
http://www-01.ibm.com/support/docview.wss?uid=swg21959812
http://www-01.ibm.com/support/docview.wss?uid=swg21960191
http://www-01.ibm.com/support/docview.wss?uid=swg21961717
http://www-01.ibm.com/support/docview.wss?uid=swg21962455
http://www-01.ibm.com/support/docview.wss?uid=swg21962739
http://www-304.ibm.com/support/docview.wss?uid=swg21958984
http://www-304.ibm.com/support/docview.wss?uid=swg21959132
http://www-304.ibm.com/support/docview.wss?uid=swg21960041
http://www-304.ibm.com/support/docview.wss?uid=swg21960194
http://www-304.ibm.com/support/docview.wss?uid=swg21960380
http://www-304.ibm.com/support/docview.wss?uid=swg21960418
http://www-304.ibm.com/support/docview.wss?uid=swg21962816
http://www-304.ibm.com/support/docview.wss?uid=swg21967893
http://www.fortiguard.com/advisory/2015-05-20-logjam-attack
http://www.mozilla.org/security/announce/2015/mfsa2015-70.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm
https://bto.bluecoat.com/security-advisory/sa98
https://bugzilla.mozilla.org/show_bug.cgi?id=1138554
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://kc.mcafee.com/corporate/index?page=content&id=SB10122
https://openssl.org/news/secadv/20150611.txt
https://puppet.com/security/cve/CVE-2015-4000
https://security.netapp.com/advisory/ntap-20150619-0001/
https://support.citrix.com/article/CTX216642
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us
https://www-304.ibm.com/support/docview.wss?uid=swg21959745
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403
https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://www.openssl.org/news/secadv_20150611.txt
https://www.suse.com/security/cve/CVE-2015-4000.html
Debian Security Information: DSA-3287 (Google Search)
http://www.debian.org/security/2015/dsa-3287
Debian Security Information: DSA-3300 (Google Search)
http://www.debian.org/security/2015/dsa-3300
Debian Security Information: DSA-3316 (Google Search)
http://www.debian.org/security/2015/dsa-3316
Debian Security Information: DSA-3324 (Google Search)
http://www.debian.org/security/2015/dsa-3324
Debian Security Information: DSA-3339 (Google Search)
http://www.debian.org/security/2015/dsa-3339
Debian Security Information: DSA-3688 (Google Search)
http://www.debian.org/security/2016/dsa-3688
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html
https://security.gentoo.org/glsa/201506-02
https://security.gentoo.org/glsa/201512-10
https://security.gentoo.org/glsa/201603-11
https://security.gentoo.org/glsa/201701-46
HPdes Security Advisory: HPSBGN03351
http://marc.info/?l=bugtraq&m=143557934009303&w=2
HPdes Security Advisory: HPSBGN03361
http://marc.info/?l=bugtraq&m=143628304012255&w=2
HPdes Security Advisory: HPSBGN03362
http://marc.info/?l=bugtraq&m=143558092609708&w=2
HPdes Security Advisory: HPSBGN03373
http://marc.info/?l=bugtraq&m=143655800220052&w=2
HPdes Security Advisory: HPSBGN03399
http://marc.info/?l=bugtraq&m=144060576831314&w=2
HPdes Security Advisory: HPSBGN03402
http://marc.info/?l=bugtraq&m=144069189622016&w=2
HPdes Security Advisory: HPSBGN03404
http://marc.info/?l=bugtraq&m=144050121701297&w=2
HPdes Security Advisory: HPSBGN03405
http://marc.info/?l=bugtraq&m=144060606031437&w=2
HPdes Security Advisory: HPSBGN03407
http://marc.info/?l=bugtraq&m=144102017024820&w=2
HPdes Security Advisory: HPSBGN03411
http://marc.info/?l=bugtraq&m=144061542602287&w=2
HPdes Security Advisory: HPSBGN03533
http://marc.info/?l=bugtraq&m=145409266329539&w=2
HPdes Security Advisory: HPSBMU03345
http://marc.info/?l=bugtraq&m=144043644216842&w=2
HPdes Security Advisory: HPSBMU03356
http://marc.info/?l=bugtraq&m=143506486712441&w=2
HPdes Security Advisory: HPSBMU03401
http://marc.info/?l=bugtraq&m=144104533800819&w=2
HPdes Security Advisory: HPSBUX03363
http://marc.info/?l=bugtraq&m=143637549705650&w=2
HPdes Security Advisory: HPSBUX03388
http://marc.info/?l=bugtraq&m=143880121627664&w=2
HPdes Security Advisory: HPSBUX03512
http://marc.info/?l=bugtraq&m=144493176821532&w=2
HPdes Security Advisory: SSRT102112
https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196
HPdes Security Advisory: SSRT102180
HPdes Security Advisory: SSRT102254
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/
https://weakdh.org/
https://weakdh.org/imperfect-forward-secrecy.pdf
https://www.oracle.com/security-alerts/cpujan2021.html
http://openwall.com/lists/oss-security/2015/05/20/8
NETBSD Security Advisory: NetBSD-SA2015-008
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
RedHat Security Advisories: RHSA-2015:1072
http://rhn.redhat.com/errata/RHSA-2015-1072.html
RedHat Security Advisories: RHSA-2015:1185
http://rhn.redhat.com/errata/RHSA-2015-1185.html
RedHat Security Advisories: RHSA-2015:1197
http://rhn.redhat.com/errata/RHSA-2015-1197.html
RedHat Security Advisories: RHSA-2015:1228
http://rhn.redhat.com/errata/RHSA-2015-1228.html
RedHat Security Advisories: RHSA-2015:1229
http://rhn.redhat.com/errata/RHSA-2015-1229.html
RedHat Security Advisories: RHSA-2015:1230
http://rhn.redhat.com/errata/RHSA-2015-1230.html
RedHat Security Advisories: RHSA-2015:1241
http://rhn.redhat.com/errata/RHSA-2015-1241.html
RedHat Security Advisories: RHSA-2015:1242
http://rhn.redhat.com/errata/RHSA-2015-1242.html
RedHat Security Advisories: RHSA-2015:1243
http://rhn.redhat.com/errata/RHSA-2015-1243.html
RedHat Security Advisories: RHSA-2015:1485
http://rhn.redhat.com/errata/RHSA-2015-1485.html
RedHat Security Advisories: RHSA-2015:1486
http://rhn.redhat.com/errata/RHSA-2015-1486.html
RedHat Security Advisories: RHSA-2015:1488
http://rhn.redhat.com/errata/RHSA-2015-1488.html
RedHat Security Advisories: RHSA-2015:1526
http://rhn.redhat.com/errata/RHSA-2015-1526.html
RedHat Security Advisories: RHSA-2015:1544
http://rhn.redhat.com/errata/RHSA-2015-1544.html
RedHat Security Advisories: RHSA-2015:1604
http://rhn.redhat.com/errata/RHSA-2015-1604.html
RedHat Security Advisories: RHSA-2016:1624
http://rhn.redhat.com/errata/RHSA-2016-1624.html
RedHat Security Advisories: RHSA-2016:2056
http://rhn.redhat.com/errata/RHSA-2016-2056.html
http://www.securitytracker.com/id/1032474
http://www.securitytracker.com/id/1032475
http://www.securitytracker.com/id/1032476
http://www.securitytracker.com/id/1032637
http://www.securitytracker.com/id/1032645
http://www.securitytracker.com/id/1032647
http://www.securitytracker.com/id/1032648
http://www.securitytracker.com/id/1032649
http://www.securitytracker.com/id/1032650
http://www.securitytracker.com/id/1032651
http://www.securitytracker.com/id/1032652
http://www.securitytracker.com/id/1032653
http://www.securitytracker.com/id/1032654
http://www.securitytracker.com/id/1032655
http://www.securitytracker.com/id/1032656
http://www.securitytracker.com/id/1032688
http://www.securitytracker.com/id/1032699
http://www.securitytracker.com/id/1032702
http://www.securitytracker.com/id/1032727
http://www.securitytracker.com/id/1032759
http://www.securitytracker.com/id/1032777
http://www.securitytracker.com/id/1032778
http://www.securitytracker.com/id/1032783
http://www.securitytracker.com/id/1032784
http://www.securitytracker.com/id/1032856
http://www.securitytracker.com/id/1032864
http://www.securitytracker.com/id/1032865
http://www.securitytracker.com/id/1032871
http://www.securitytracker.com/id/1032884
http://www.securitytracker.com/id/1032910
http://www.securitytracker.com/id/1032932
http://www.securitytracker.com/id/1032960
http://www.securitytracker.com/id/1033019
http://www.securitytracker.com/id/1033064
http://www.securitytracker.com/id/1033065
http://www.securitytracker.com/id/1033067
http://www.securitytracker.com/id/1033208
http://www.securitytracker.com/id/1033209
http://www.securitytracker.com/id/1033210
http://www.securitytracker.com/id/1033222
http://www.securitytracker.com/id/1033341
http://www.securitytracker.com/id/1033385
http://www.securitytracker.com/id/1033416
http://www.securitytracker.com/id/1033430
http://www.securitytracker.com/id/1033433
http://www.securitytracker.com/id/1033513
http://www.securitytracker.com/id/1033760
http://www.securitytracker.com/id/1033891
http://www.securitytracker.com/id/1033991
http://www.securitytracker.com/id/1034087
http://www.securitytracker.com/id/1034728
http://www.securitytracker.com/id/1034884
http://www.securitytracker.com/id/1036218
http://www.securitytracker.com/id/1040630
SuSE Security Announcement: SUSE-SU-2015:1143 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html
SuSE Security Announcement: SUSE-SU-2015:1150 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:1177 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html
SuSE Security Announcement: SUSE-SU-2015:1181 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html
SuSE Security Announcement: SUSE-SU-2015:1182 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html
SuSE Security Announcement: SUSE-SU-2015:1183 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html
SuSE Security Announcement: SUSE-SU-2015:1184 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html
SuSE Security Announcement: SUSE-SU-2015:1185 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
SuSE Security Announcement: SUSE-SU-2015:1268 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
SuSE Security Announcement: SUSE-SU-2015:1269 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
SuSE Security Announcement: SUSE-SU-2015:1319 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html
SuSE Security Announcement: SUSE-SU-2015:1320 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html
SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
SuSE Security Announcement: SUSE-SU-2015:1581 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
SuSE Security Announcement: SUSE-SU-2015:1663 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html
SuSE Security Announcement: SUSE-SU-2016:0224 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
SuSE Security Announcement: SUSE-SU-2016:0262 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
SuSE Security Announcement: openSUSE-SU-2015:1139 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html
SuSE Security Announcement: openSUSE-SU-2015:1209 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html
SuSE Security Announcement: openSUSE-SU-2015:1229 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
SuSE Security Announcement: openSUSE-SU-2015:1277 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
SuSE Security Announcement: openSUSE-SU-2015:1288 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html
SuSE Security Announcement: openSUSE-SU-2015:1289 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html
SuSE Security Announcement: openSUSE-SU-2015:1684 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html
SuSE Security Announcement: openSUSE-SU-2016:0226 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
SuSE Security Announcement: openSUSE-SU-2016:0255 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
SuSE Security Announcement: openSUSE-SU-2016:0261 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
SuSE Security Announcement: openSUSE-SU-2016:0478 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html
SuSE Security Announcement: openSUSE-SU-2016:0483 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html
http://www.ubuntu.com/usn/USN-2656-1
http://www.ubuntu.com/usn/USN-2656-2
http://www.ubuntu.com/usn/USN-2673-1
http://www.ubuntu.com/usn/USN-2696-1
http://www.ubuntu.com/usn/USN-2706-1
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.