CVE-2022-36331 — Authentication Bypass by Spoofing in IBI

CWE-290 — Authentication Bypass by Spoofing2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sandisk IBI Western Digital MY Cloud Home AND MY Cloud Home DUO Western Digital MY Cloud OS 5 +12 more

Timeline

PublishedJun 12

Description

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages15 packages

▶NVDwesterndigital/my_cloud_home_firmware< 8.13.1-102

▶NVDwesterndigital/my_cloud_home_duo_firmware< 8.13.1-102

▶CVEListV5western_digital/my_cloud_home_and_my_cloud_home_duo< 8.13.1-102

▶CVEListV5western_digital/my_cloud_os_5< 5.25.132

▶NVDwesterndigital/my_cloud_firmware< 5.25.132

🔴Vulnerability Details

GHSA

GHSA-q3w5-whrj-66qg: Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an una↗2023-06-12

▶