SB2022072612 - Multiple vulnerabilities in Western Digital My Cloud OS 5

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Algorithm Downgrade (CVE-ID: CVE-2022-23000)

The vulnerability allows a local attacker to bypass certain security restrictions.

The vulnerability exists due to a weak SSLContext when attempting to configure port forwarding rules. A local attacker can jeopardize the integrity, confidentiality and authenticity of information transmitted.

2) Infinite loop (CVE-ID: CVE-2022-0778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BN_mod_sqrt() function when processing an ASN.1 certificate that contains elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. A remote attacker can supply a specially crafted certificate to the TLS server or client, consume all available system resources and cause denial of service conditions.

3) NULL pointer dereference (CVE-ID: CVE-2022-0562)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFReadDirectory() in tif_dirread.c. A remote attacker can trick victim to open specially crafted TIFF file and perform a denial of service (DoS) attack.

4) NULL pointer dereference (CVE-ID: CVE-2022-0561)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchStripThing() in tif_dirread.c. A remote attacker can trick victim to open specially crafted TIFF file and perform a denial of service (DoS) attack.

5) Reachable Assertion (CVE-ID: CVE-2022-0865)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the tiffcp component. A remote attacker can trick a victim to open a specially crafted TIFF file and perform a denial of service attack.

6) Input validation error (CVE-ID: CVE-2022-29191)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the "GetSessionTensor". A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

7) Input validation error (CVE-ID: CVE-2022-29213)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in "tf.compat.v1.signal.rfft2d" and "tf.compat.v1.signal.rfft3d". A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

8) Out-of-bounds write (CVE-ID: CVE-2022-29208)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in "EditDistance". A local user can trigger out-of-bounds write and perform a denial of service (DoS) attack.

9) Cross-site scripting (CVE-ID: CVE-2022-22999)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

References

• https://www.westerndigital.com/support/product-security/wdc-22011-my-cloud-firmware-version-5-23-114