CVE-2023-22812: SanDisk PrivateAccess Deprecated TLS protocol versions supported
First published: Fri Mar 24 2023(Updated: )
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
Credit: psirt@wdc.com psirt@wdc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Westerndigital Sandisk Privateaccess | <6.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-22812?
CVE-2023-22812 is a vulnerability in SanDisk PrivateAccess versions prior to 6.4.9 that supports insecure TLS 1.0 and TLS 1.1 protocols.
What is the severity of CVE-2023-22812?
CVE-2023-22812 has a severity rating of 7.4, which is considered high.
How does CVE-2023-22812 affect SanDisk PrivateAccess?
CVE-2023-22812 affects SanDisk PrivateAccess versions prior to 6.4.9 by allowing man-in-the-middle attacks and compromising the confidentiality and integrity of data.
How can I fix CVE-2023-22812?
To fix CVE-2023-22812, update SanDisk PrivateAccess to version 6.4.9 or later, which no longer supports insecure TLS 1.0 and TLS 1.1 protocols.
Where can I find more information about CVE-2023-22812?
More information about CVE-2023-22812 can be found at the following reference link: [https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update](https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update)
- collector/nvd-index
- collector/mitre-cve
- collector/nvd-api
- agent/severity
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/tags
- agent/event
- vendor/westerndigital
- canonical/westerndigital sandisk privateaccess