{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-22819","assignerOrgId":"cb3b742e-5145-4748-b44b-5ffd45bf3b6a","state":"PUBLISHED","assignerShortName":"WDC PSIRT","dateReserved":"2023-01-06T20:23:44.301Z","datePublished":"2024-02-05T21:26:53.171Z","dateUpdated":"2024-09-05T22:47:28.039Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Linux"],"product":"My Cloud OS 5","vendor":"Western Digital","versions":[{"lessThan":"5.27.161","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Linux"],"product":"My Cloud Home & Duo","vendor":"Western Digital","versions":[{"lessThan":"9.5.1-104","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","platforms":["Linux"],"product":"ibi","vendor":"SanDisk","versions":[{"lessThan":"9.5.1-104","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"reporter","user":"00000000-0000-4000-9000-000000000000","value":"Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro’s Zero Day Initiative"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161.</span>"}],"value":"An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.5.1-104; ibi: before 9.5.1-104; My Cloud OS 5: before 5.27.161."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":4.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770 Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cb3b742e-5145-4748-b44b-5ffd45bf3b6a","shortName":"WDC PSIRT","dateUpdated":"2024-09-05T22:47:28.039Z"},"references":[{"url":"https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p></p><div><div><p><span style=\"background-color: var(--wht);\">For My Cloud OS 5 devices, <span style=\"background-color: rgb(255, 255, 255);\">Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.</span></span></p><p><span style=\"background-color: var(--wht);\">My Cloud Home, My Cloud Home Duo and SanDisk ibi devices will be automatically updated to reflect the latest firmware version.</span></p></div></div><div><div><div></div></div></div><p></p>"}],"value":"For My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n\nMy Cloud Home, My Cloud Home Duo and SanDisk ibi devices will be automatically updated to reflect the latest firmware version."}],"source":{"discovery":"EXTERNAL"},"title":"Uncontrolled resource consumption vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-07T16:00:14.828373Z","id":"CVE-2023-22819","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-07T16:00:24.870Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T10:20:30.729Z"},"title":"CVE Program Container","references":[{"url":"https://www.westerndigital.com/support/product-security/wdc-24001-western-digital-my-cloud-os-5-my-cloud-home-duo-and-sandisk-ibi-firmware-update","tags":["x_transferred"]}]}]}}