CVE-2022-23000
Weak Default SSL use in Port Forwarding Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.
La aplicación web Western Digital My Cloud [https://os5.mycloud.com/] usa un SSLContext débil cuando intenta configurar reglas de reenvío de puertos. Esto fue habilitado para mantener la compatibilidad con routers domésticos antiguos o anticuados. Al usar un contexto "SSL" en lugar de "TLS" o especificar una comprobación más fuerte, son permitidos protocolos obsoletos o no seguros. Como resultado, un usuario local no privilegiado puede explotar esta vulnerabilidad y poner en peligro la integridad, confidencialidad y autenticidad de la información transmitida. El alcance del impacto no puede extenderse a otros componentes y no es requerida ninguna entrada del usuario para explotar esta vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-10 CVE Reserved
- 2022-07-25 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Westerndigital Search vendor "Westerndigital" | My Cloud Pr2100 Firmware Search vendor "Westerndigital" for product "My Cloud Pr2100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Pr2100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Pr2100 Search vendor "Westerndigital" for product "My Cloud Pr2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Pr4100 Firmware Search vendor "Westerndigital" for product "My Cloud Pr4100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Pr4100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Pr4100 Search vendor "Westerndigital" for product "My Cloud Pr4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Ex4100 Firmware Search vendor "Westerndigital" for product "My Cloud Ex4100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Ex4100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex4100 Search vendor "Westerndigital" for product "My Cloud Ex4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Ex2 Ultra Firmware Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex2 Ultra Search vendor "Westerndigital" for product "My Cloud Ex2 Ultra" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Mirror G2 Firmware Search vendor "Westerndigital" for product "My Cloud Mirror G2 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Mirror G2 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Mirror G2 Search vendor "Westerndigital" for product "My Cloud Mirror G2" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Dl2100 Firmware Search vendor "Westerndigital" for product "My Cloud Dl2100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Dl2100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Dl2100 Search vendor "Westerndigital" for product "My Cloud Dl2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Dl4100 Firmware Search vendor "Westerndigital" for product "My Cloud Dl4100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Dl4100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Dl4100 Search vendor "Westerndigital" for product "My Cloud Dl4100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Ex2100 Firmware Search vendor "Westerndigital" for product "My Cloud Ex2100 Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Ex2100 Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Ex2100 Search vendor "Westerndigital" for product "My Cloud Ex2100" | - | - |
Safe
|
| Westerndigital Search vendor "Westerndigital" | My Cloud Firmware Search vendor "Westerndigital" for product "My Cloud Firmware" | < 5.23.114 Search vendor "Westerndigital" for product "My Cloud Firmware" and version " < 5.23.114" | - |
Affected
| in | Westerndigital Search vendor "Westerndigital" | My Cloud Search vendor "Westerndigital" for product "My Cloud" | - | - |
Safe
|