CVE-2023-22814 — Authentication Bypass by Spoofing in Digital MY Cloud OS 5

CWE-290 — Authentication Bypass by Spoofing2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 76.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Western Digital MY Cloud OS 5 Westerndigital MY Cloud OS

Timeline

PublishedJul 1

Description

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDwesterndigital/my_cloud_os5.02.104 — 5.26.202

▶CVEListV5western_digital/my_cloud_os_5< 5.26.202

🔴Vulnerability Details

GHSA

GHSA-vh8r-vpp8-mfq5: An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an im↗2023-07-01

▶