{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T19:57:47.883","vulnerabilities":[{"cve":{"id":"CVE-2022-23006","sourceIdentifier":"psirt@wdc.com","published":"2022-09-27T23:15:12.720","lastModified":"2024-11-21T06:47:47.487","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes."},{"lang":"es","value":"Se ha encontrado una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en Western Digital My Cloud Home, My Cloud Home Duo y SanDisk ibi que podría permitir a un atacante que acceda al sistema localmente leer información del archivo /etc/version. Esta vulnerabilidad sólo puede ser explotada encadenándola con otro problema. Si un atacante es capaz de conducir un ataque de ejecución de código remota, puede conseguir acceso al archivo vulnerable, debido a una presencia de funciones no seguras en el código. Es requerida una interacción del usuario para la explotación. La explotación de la vulnerabilidad podría resultar en una exposición de información, la posibilidad de modificar archivos, a errores de acceso a la memoria o a bloqueos del sistema"}],"metrics":{"cvssMetricV31":[{"source":"psirt@wdc.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N","baseScore":1.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@wdc.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.10.0-117","matchCriteriaId":"A43E3D15-2F9F-4924-8C36-B1041E6CFA62"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*","matchCriteriaId":"2BE2FBAB-5BA0-4F09-A76E-4A6869668810"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.10.0-117","matchCriteriaId":"BD203970-1264-4BA0-9AC7-43291899E41F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*","matchCriteriaId":"124BBC79-65A2-465C-B784-D21E57E96F63"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:westerndigital:sandisk_ibi_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"8.10.0-117","matchCriteriaId":"7DCC0C4C-DB17-4DA5-A572-6BBD303DDE77"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:westerndigital:sandisk_ibi:-:*:*:*:*:*:*:*","matchCriteriaId":"296ADA43-16BA-4444-B472-DB945FB917B2"}]}]}],"references":[{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006","source":"psirt@wdc.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.westerndigital.com/support/product-security/wdc-22015-western-digital-my-cloud-home-and-sandisk-ibi-firmware-version-8-10-0-117","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23006","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}