Vulnerability in Sandisk Ibi
CVE-2022-36331
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devic…
EPSS: 0.006 (43.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Sandisk Ibi — versions 0
- Western Digital My Cloud Home And Duo — versions 0
- Western Digital My Cloud Os 5 — versions 0
- Westerndigital My_cloud
- Westerndigital My_cloud_dl2100
- Westerndigital My_cloud_dl2100_firmware
- Westerndigital My_cloud_dl4100
- Westerndigital My_cloud_dl4100_firmware
- Westerndigital My_cloud_ex2100
- Westerndigital My_cloud_ex2100_firmware
Weakness classification (CWE)
References
- psirt@wdc.com (Broken Link)
- nvd@nist.gov (Vendor Advisory)
Frequently asked questions
- What is CVE-2022-36331?
- CVE-2022-36331 is a critical-severity vulnerability in Sandisk Ibi, classified under Authentication Bypass by Spoofing. CVSS score: 10.0/10. Published 2023-06-12.
- How severe is CVE-2022-36331?
- Critical severity. CVSS v3 base score is 10.0 out of 10.