An authenticated attacker could use the vulnerability to inject malware into a target device and remotely access files
Positive Technologies’ Nikita Abramov identifies vulnerability in Western Digital’s NAS device firmware, which could result in remote code execution, data loss, and data breaches. The vendor was promptly notified and issued patches following responsible disclosure.
At the time of writing, IP addresses of 67 of Western Digital’s network-attached storage devices in the Middle East were still available on the global network.
The CVE-2023-22815 vulnerability (scored 8.8 on the CVSS 3.0 scale) was detected in the firmware of My Cloud OS 5, v5.23.114. This software is used in several Western Digital’s network devices: My Cloud PR2100, My Cloud PR4100, My Cloud EX4100, My Cloud EX2 Ultra, My Cloud Mirror G2, and others.
“The most dangerous scenario is a complete seizure of control over NAS”
Nikita Abramov, Specialist of the Security Weakness Advanced Research and Modeling Center (PT SWARM)1
Nikita Abramov, Specialist of the Security Weakness Advanced Research and Modeling Center (PT SWARM)1, said, “The most dangerous scenario is a complete seizure of control over NAS (network attached storage, a file storage server). All further steps depend on the attacker’s objectives: stealing, modifying, or completely removing data, and possibly deploying malware. The vulnerability is likely caused by adding new functionality to NAS without proper security checks.”
At the time of writing, IP addresses of more than 2,400 of Western Digital’s network-attached storage devices were available on the global network. Most of them were in Germany (460), the United States (310), Italy (257), the UK (131), and South Korea (125).
Western Digital recommends installing the updated My Cloud OS 5 v5.26.300 firmware on all affected devices. For a complete list of these devices, see the vendor’s advisory summary.
Positive Technologies recommends that companies build vulnerability management processes. It is necessary to regularly update software in use, carefully monitor a company’s crucial assets, and focus on trending vulnerabilities first.
