CVE & CISA-KEV Catalog

CVE-2023-22813

LOW
3.3
CVSS v3
NVD

Description

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126.

How to fix

Remediation Available
my cloudNVD
Affected:< 4.26.0-6126Fixed in:4.26.0-6126CVE-2023-22813derived from NVD
my cloud homeNVD
Affected:< 4.21.0Fixed in:4.21.0CVE-2023-22813derived from NVD
Affected:< 4.26.0-6126Fixed in:4.26.0-6126CVE-2023-22813derived from NVD
my cloud os 5NVD
Affected:< 4.21.0Fixed in:4.21.0CVE-2023-22813derived from NVD
sandisk ibiNVD
Affected:< 4.21.0Fixed in:4.21.0CVE-2023-22813derived from NVD
Affected:< 4.26.0-6126Fixed in:4.26.0-6126CVE-2023-22813derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityNone
AvailabilityNone

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploit Intelligence

0.46%probability of exploitation in 30 days
36thpercentile

Low risk: more likely to be exploited than 36% of all known CVEs.

References

Vendor Advisory1

Related Vulnerabilities

Other CWE-200 (Information Exposure) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-24919High8.6100%KEV + Ransom-
CVE-2020-14181Medium5.3100%-Fix
CVE-2021-34429Medium5.399%-Fix
CVE-2018-11409Medium5.398%--
CVE-2021-41277Critical10.097%KEV-
CVE-2016-2183High7.596%-Fix
Embed a live status badge for CVE-2023-22813
CVE-2023-22813 severity badge

Markdown

[![CVE-2023-22813](https://tridentstack.com/cve/badge/CVE-2023-22813.svg)](https://tridentstack.com/cve/CVE-2023-22813)

HTML

<a href="https://tridentstack.com/cve/CVE-2023-22813"><img src="https://tridentstack.com/cve/badge/CVE-2023-22813.svg" alt="CVE-2023-22813"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.