CVE-2022-23006
Published 2022-09-27
Priority: P4 30, medium, 6.7 (CVSS 3.1)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.26% (17.5th percentile)
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sandisk | ibi | >= 8.10.0-117 < 8.10.0-117 | 8.10.0-117 |
| western_digital | my_cloud_home | >= 8.10.0-117 < 8.10.0-117 | 8.10.0-117 |
| western_digital | my_cloud_home_duo | >= 8.10.0-117 < 8.10.0-117 | 8.10.0-117 |
| westerndigital | my_cloud_home_duo_firmware | < 8.10.0-117 | 8.10.0-117 |
| westerndigital | my_cloud_home_firmware | < 8.10.0-117 | 8.10.0-117 |
| westerndigital | sandisk_ibi_firmware | < 8.10.0-117 | 8.10.0-117 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.