CVE-2019-13467

Опубликовано: 30 сент. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.

Ссылки

https://support.wdc.com/downloads.aspx?g=907&lang=en
Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
Patch
Vendor Advisory
https://support.wdc.com/downloads.aspx?g=907&lang=en
Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sandisk:ssd_dashboard:*:*:*:*:*:*:*:*

Версия до 2.5.1.0 (исключая)

cpe:2.3:a:westerndigital:ssd_dashboard:*:*:*:*:*:*:*:*

Версия до 2.5.1.0 (исключая)

EPSS

Процентиль: 47%

0.00239

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-42mj-98wg-gg4h