Buffer Overflow Vulnerability in Western Digital My Cloud Home Products and SanDisk ibi
CVE-2022-23006

1.8LOW

Key Information:

Vendor: Western Digital
Status: My Cloud Home; My Cloud Home Duo; Ibi
Vendor: CVE Published:; 27 September 2022

🔔 Create Western Digital Vulnerability Alert

What is CVE-2022-23006?

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ibi Linux 8.10.0-117

My Cloud Home Duo Linux 8.10.0-117

My Cloud Home Linux 8.10.0-117

References

https://nvd.nist.gov/vuln/detail/CVE-2022-23006

x_refsource_MISC

CVSS V3.1

Score:

1.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 27, 2022
Vulnerability Reserved
Jan 10, 2022

JSON

Western Digital