CVE-2022-29839 — Insufficiently Protected Credentials in Digital MY Cloud

CWE-522 — Insufficiently Protected Credentials2 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 72.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Western Digital MY Cloud Westerndigital MY Cloud OS

Timeline

PublishedDec 9

Description

Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker who has gained access to a relevant endpoint to use that information to access protected data. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5western_digital/my_cloudMy Cloud — 5.25.124

▶NVDwesterndigital/my_cloud_os< 5.25.124

🔴Vulnerability Details

GHSA

GHSA-r2p3-rmqj-8988: Insufficiently Protected Credentials vulnerability in the remote backups application on Western Digital My Cloud devices that could allow an attacker↗2022-12-09

▶