FKIE_CVE-2023-22819

Vulnerability from fkie_nvd - Published: 2024-02-05 22:15 - Updated: 2024-11-21 07:45
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.
References
psirt@wdc.comhttps://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-updateVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-updateVendor Advisory
Impacted products
Vendor Product Version
westerndigital my_cloud_pr4100_firmware *
westerndigital my_cloud_pr4100 -
westerndigital my_cloud_ex4100_firmware *
westerndigital my_cloud_ex4100 -
westerndigital my_cloud_ex2_ultra_firmware *
westerndigital my_cloud_ex2_ultra -
westerndigital my_cloud_mirror_g2_firmware *
westerndigital my_cloud_mirror_g2 -
westerndigital my_cloud_dl2100_firmware *
westerndigital my_cloud_dl2100 -
westerndigital my_cloud_dl4100_firmware *
westerndigital my_cloud_dl4100 -
westerndigital my_cloud_ex2100_firmware *
westerndigital my_cloud_ex2100 -
westerndigital my_cloud_glacier_firmware *
westerndigital my_cloud_glacier -
westerndigital wd_cloud_firmware *
westerndigital wd_cloud -
westerndigital my_cloud_home_firmware *
westerndigital my_cloud_home -
westerndigital my_cloud_home_duo_firmware *
westerndigital my_cloud_home_duo -
westerndigital sandisk_ibi_firmware *
westerndigital sandisk_ibi -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_pr4100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD7A6F3E-6031-4123-AEB3-498A37164AFC",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_ex4100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B7F303F-BEA6-4546-B7F3-85937F055C70",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2_ultra_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D626D580-E58A-4B6C-82C7-B9E4EFDD45E6",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2_ultra:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A581EBA-A1F2-4ABC-8183-29973A46FA43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_mirror_g2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA969327-0057-483A-BDEA-48044C2AAFDA",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_g2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE090BC-C847-4DF7-9C5F-52A300845558",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_dl2100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C32A7FB-2EAC-431F-A2AF-033BC56B7548",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_dl2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E783EBC-7608-4527-B1AD-9B4E7A7A108C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_dl4100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4289EA01-0B97-4628-8658-56C35D328476",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_dl4100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3034F4A-239C-4E38-9BD6-217361A7C519",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_ex2100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "14973F26-4E47-4531-96ED-1F4DE2B90782",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_ex2100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABBBDC1E-2320-4767-B669-1BB2FFB1E1C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_glacier_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC4318FA-0121-4730-9199-3E6E18872B9C",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_glacier:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4725EF2C-5954-45DA-95D1-0A2F8F3E7714",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:wd_cloud_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC132C6A-CA10-431F-AEDE-64979DA8D960",
              "versionEndExcluding": "5.27.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:wd_cloud:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FDE0337-4329-4CE3-9B0B-61BE8361E910",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D90D9B21-6C1A-4FC3-B292-B72BB521E1B6",
              "versionEndExcluding": "9.5.1-104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BE2FBAB-5BA0-4F09-A76E-4A6869668810",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "233200A4-0DDF-4FEE-967B-DDB638D0DBB0",
              "versionEndExcluding": "9.5.1-104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "124BBC79-65A2-465C-B784-D21E57E96F63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4523B737-F58A-4A73-AE74-EAF313AEBDFC",
              "versionEndExcluding": "9.5.1-104",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "296ADA43-16BA-4444-B472-DB945FB917B2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de vulnerabilidad de consumo de recursos no controlado que podr\u00eda surgir al enviar solicitudes manipuladas a un servicio para consumir una gran cantidad de memoria, lo que eventualmente resultar\u00eda en que el servicio se detuviera y reiniciara en los dispositivos Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi y Western Digital My Cloud OS 5. Este problema requiere que el atacante ya tenga privilegios de root para explotar esta vulnerabilidad. Este problema afecta a My Cloud Home y My Cloud Home Duo: antes de la versi\u00f3n 9.5.1-104; ibi: antes de la versi\u00f3n 9.5.1-104; My Cloud OS 5: antes de la versi\u00f3n 5.27.161."
    }
  ],
  "id": "CVE-2023-22819",
  "lastModified": "2024-11-21T07:45:28.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "psirt@wdc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-05T22:15:55.023",
  "references": [
    {
      "source": "psirt@wdc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update"
    }
  ],
  "sourceIdentifier": "psirt@wdc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "psirt@wdc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.