First published: Fri Jun 30 2023(Updated: )
An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202.
Credit: psirt@wdc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Westerndigital My Cloud Os | >=5.02.104<5.26.202 | |
Westerndigital My Cloud | ||
Westerndigital My Cloud Dl2100 | ||
Westerndigital My Cloud Dl4100 | ||
Westerndigital My Cloud Ex2 Ultra | ||
Westerndigital My Cloud Ex2100 | ||
Westerndigital My Cloud Ex4100 | ||
Westerndigital My Cloud Mirror G2 | ||
Westerndigital My Cloud Pr2100 | ||
Westerndigital My Cloud Pr4100 | ||
Westerndigital Wd Cloud |
Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-22814 is an authentication bypass issue via spoofing in the token-based authentication mechanism of My Cloud OS 5 devices before 5.26.202.
CVE-2023-22814 affects My Cloud OS 5 devices before version 5.26.202.
The severity of CVE-2023-22814 is critical.
An attacker can exploit CVE-2023-22814 by carrying out an impersonation attack through the authentication bypass issue.
To fix CVE-2023-22814, update your My Cloud OS 5 device to version 5.26.202 or later.