Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-23000: WDC-22011 My Cloud Firmware Version 5.23.114 | Western Digital

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an “SSL” context instead of “TLS” or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

CVE
#xss#vulnerability#web#mac#dos#git#java#auth#ssl

WDC Tracking Number: WDC-22011
Product Line: My Cloud
Published: July 25, 2022

Last Updated: July 25, 2022

Description

My Cloud OS 5 Firmware 5.23.114 includes updates to help improve the security of your My Cloud OS 5 devices.

To take advantage of the latest security fixes, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.

Product Impact

Minimum Fix Version

Last Updated

My Cloud PR2100

5.23.114

July 22, 2022

My Cloud PR4100

5.23.114

July 22, 2022

My Cloud EX4100

5.23.114

July 22, 2022

My Cloud EX2 Ultra

5.23.114

July 22, 2022

My Cloud Mirror G2

5.23.114

July 22, 2022

My Cloud DL2100

5.23.114

July 22, 2022

My Cloud DL4100

5.23.114

July 22, 2022

My Cloud EX2100

5.23.114

July 22, 2022

My Cloud

5.23.114

July 22, 2022

WD Cloud

5.23.114

July 22, 2022

For more information on the latest security updates, see the release notes.

Advisory Summary

Western Digital My Cloud Web App uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. As a result, a local user with least privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. This vulnerability was resolved by enabling TLS ConnectionSwitching to a “TLS” context instead of "SSL".

Addressed an improper input validation and out-of-bounds write vulnerability in TensorFlow which is an open-source platform for machine learning. An attacker could pass negative values to cause a segmentation fault-based denial-of-service attack. Certain components also did not validate input arguments which could also trigger a denial-of-service attack.

CVE Number:  CVE-2022-29191,  CVE-2022-29213,  CVE-2022-29208

Addressed multiple FFmpeg vulnerabilities by updating the version to 7:4.1.9-0+deb10u1.

Western Digital My Cloud devices were vulnerable to a cross-site scripting vulnerability that could allow an attacker with elevated privileges to access drives being backed up, to construct and inject JavaScript payloads into an authenticated user’s browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. This was resolved by output sanitization.

CVE Number:  CVE-2022-22999

Related news

CVE-2022-22998: WDC-22009 My Cloud Home Firmware Version 8.7.0-107 | Western Digital

Implemented protections on AWS credentials that were not properly protected.

GHSA-5889-7v45-q28m: Incomplete validation in signal ops leads to crashes

### Impact The `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). ### Patches We have patched the issue in GitHub commit [0a8a781e597b18ead006d19b7d23d0a369e9ad73](https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73) (merging GitHub PR [#55274](https://github.com/tensorflow/tensorflow/pull/55274)). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as these are also affected and still in supported range. ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported externally via a [GitHub issue](https://github.com/tensorflow/tensorf...

GHSA-2r2f-g8mw-9gvr: Segfault and OOB write due to incomplete validation in `EditDistance`

### Impact The implementation of [`tf.raw_ops.EditDistance`]() has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service: ```python import tensorflow as tf hypothesis_indices = tf.constant(-1250999896764, shape=[3, 3], dtype=tf.int64) hypothesis_values = tf.constant(0, shape=[3], dtype=tf.int64) hypothesis_shape = tf.constant(0, shape=[3], dtype=tf.int64) truth_indices = tf.constant(-1250999896764, shape=[3, 3], dtype=tf.int64) truth_values = tf.constant(2, shape=[3], dtype=tf.int64) truth_shape = tf.constant(2, shape=[3], dtype=tf.int64) tf.raw_ops.EditDistance( hypothesis_indices=hypothesis_indices, hypothesis_values=hypothesis_values, hypothesis_shape=hypothesis_shape, truth_indices=truth_indices, truth_values=truth_values, truth_shape=truth_shape) ``` In multiple places throughout the code, we are computing an index for a write operation: ```cc if (g_truth == g_hypothesis) { auto loc = std::inner_product(g_...

GHSA-fv25-wrff-wf86: Missing validation causes denial of service via `GetSessionTensor`

### Impact The implementation of [`tf.raw_ops.GetSessionTensor`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/session_ops.cc#L94-L112) does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf handle = tf.constant("[]", shape=[0], dtype=tf.string) tf.raw_ops.GetSessionTensor(handle=handle) ``` The code assumes `handle` is a scalar but there is no validation for this: ```cc const Tensor& handle = ctx->input(0); const string& name = handle.scalar<tstring>()(); ``` ### Patches We have patched the issue in GitHub commit [48305e8ffe5246d67570b64096a96f8e315a7281](https://github.com/tensorflow/tensorflow/commit/48305e8ffe5246d67570b64096a96f8e315a7281). The fix will be included in TensorFlow 2.9.0. We will also cherrypick this commit on TensorFlow 2.8.1, TensorFlow 2.7.2, and TensorFlow 2.6.4, as th...

CVE-2022-29213: `tf.compat.v1.signal.rfft2d` and `rfft3d` lacks input validation leading to crashes · Issue #55263 · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVE-2022-29207: Release TensorFlow 2.6.4 · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVE-2022-29207: Release TensorFlow 2.6.4 · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVE-2022-29207: Release TensorFlow 2.6.4 · tensorflow/tensorflow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVE-2022-29191

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907