CVE-2019-13466

Опубликовано: 30 сент. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.

Ссылки

https://support.wdc.com/downloads.aspx?g=907&lang=en
Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
Patch
Vendor Advisory
https://support.wdc.com/downloads.aspx?g=907&lang=en
Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sandisk:ssd_dashboard:*:*:*:*:*:*:*:*

Версия до 2.5.1.0 (исключая)

cpe:2.3:a:westerndigital:ssd_dashboard:*:*:*:*:*:*:*:*

Версия до 2.5.1.0 (исключая)

EPSS

Процентиль: 47%

0.00237

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-hcc4-qrwf-rvv4

github

больше 3 лет назад

Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 have Incorrect Access Control. The ?generate reports? archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption is available.