CVE-2022-23006

Published: Sep 27, 2022

Modified: May 21, 2025

PUBLISHED

CVSS v3.1

1.8

LOW

Description

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

Vendor	Product	Versions
Western Digital	My Cloud Home	affected `8.10.0-117 - < 8.10.0-117`
Western Digital	My Cloud Home Duo	affected `8.10.0-117 - < 8.10.0-117`
SanDisk	ibi	affected `8.10.0-117 - < 8.10.0-117`

Weaknesses (CWE)

CWE-121

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

https://nvd.nist.gov/vuln/detail/CVE-2022-23006

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23006

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References