Protection on top: Positive Technologies made Western Digital storages even more reliable

Positive Technologies experts have discovered a dangerous vulnerability in Western Digital network storage systems.

A vulnerability has been discovered in the firmware of Western Digital network storages that allows you to execute arbitrary code remotely. Vulnerability CVE-2023-22815, which has a CVSS 3.0 score of 8.8, was identified by Positive Technologies expert Nikita Abramov in the My Cloud OS 5 v5.23.114 firmware. This internal software is used in several Western Digital network device lines, such as My Cloud PR2100, My Cloud PR4100, My Cloud EX4100 and others.

The vulnerability could lead to remote execution of arbitrary code in repositories, data loss, and violation of information confidentiality. According to Nikita Abramov, the most dangerous scenario is a complete seizure of control of the NAS (network-attached storage, a server for storing files).

Western Digital was notified of the vulnerability as part of its responsible disclosure policy and released an update to address the flaw. The company recommends installing the updated My Cloud OS 5 firmware version v5.26.300 on all affected devices. According to Positive Technologies, the IP addresses of more than 2,400 Western Digital network storages remained available on the global network. The largest number of them is found in Germany (460), the United States (310), Italy (257), the United Kingdom (131) and South Korea (125).

Positive Technologies advises organizations to build a vulnerability management process and regularly update the software used, paying attention to the company's priority assets and focusing primarily on trending vulnerabilities.