CVE-2022-36329 — Uncontrolled Resource Consumption in IBI

CWE-400 — Uncontrolled Resource Consumption2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 69.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sandisk IBI Western Digital MY Cloud Home AND MY Cloud Home DUO Westerndigital MY Cloud Home DUO Firmware +2 more

Timeline

PublishedMay 10

Description

An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDwesterndigital/my_cloud_home_firmware< 9.4.0-191

▶NVDwesterndigital/my_cloud_home_duo_firmware< 9.4.0-191

▶CVEListV5western_digital/my_cloud_home_and_my_cloud_home_duo< 9.4.0-191

▶NVDwesterndigital/sandisk_ibi_firmware< 9.4.0-191

▶CVEListV5sandisk/ibi< 9.4.0-191

🔴Vulnerability Details

GHSA

GHSA-g7hf-55m7-jhmc: An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digi↗2023-05-10

▶