CVE-2020-12830 - OpenCVE

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Westerndigital	My Cloud Mirror - Gen 2 My Cloud Ex4100 My Cloud Expert Series Ex2 My Cloud Pr2100 My Cloud Firmware My Cloud Pr4100

Configuration 1 [-]

AND

cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:westerndigital:my_cloud_ex4100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_expert_series_ex2:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_mirror_-_gen_2:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_pr2100:-:::::::*
	cpe:2.3:h:westerndigital:my_cloud_pr4100:-:::::::*

References

Link	Resource
https://support.wdc.com/downloads.aspx?g=907&lang=en	Vendor Advisory
https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-27T19:32:52

Updated: 2020-10-27T19:32:52

Reserved: 2020-05-13T00:00:00

Link: CVE-2020-12830

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-27T20:15:21.533

Modified: 2020-11-02T17:09:57.077

Link: CVE-2020-12830

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T19:32:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.wdc.com/downloads.aspx?g=907&lang=en"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12830", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.wdc.com/downloads.aspx?g=907&lang=en", "refsource": "MISC", "url": "https://support.wdc.com/downloads.aspx?g=907&lang=en"}, {"name": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114", "refsource": "CONFIRM", "url": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12830", "datePublished": "2020-10-27T19:32:52", "dateReserved": "2020-05-13T00:00:00", "dateUpdated": "2020-10-27T19:32:52", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:westerndigital:my_cloud_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A91F2BA-EC12-4060-A0A5-9E4EB6238036", "versionEndExcluding": "5.04.114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:westerndigital:my_cloud_ex4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "B78030F0-6655-4604-9D16-2FA1F3FD52FF", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_expert_series_ex2:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1351BC5-FF95-4041-8D4A-F6975AEE84A0", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_mirror_-_gen_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C70F1252-64C8-4174-9D61-957D1D52FE6B", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF58260B-2131-402C-A9DA-67B188136DE1", "vulnerable": false}, {"criteria": "cpe:2.3:h:westerndigital:my_cloud_pr4100:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0C2FD9-4792-4DA2-9698-E53109A499EC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114."}, {"lang": "es", "value": "Se abordaron m\u00faltiples vulnerabilidades de desbordamiento del b\u00fafer de pila que podr\u00edan permitir a un atacante llevar a cabo una escalada de privilegios por medio de una ejecuci\u00f3n de c\u00f3digo remota no autorizada en dispositivos Western Digital My Cloud versiones anteriores a 5.04.114"}], "id": "CVE-2020-12830", "lastModified": "2020-11-02T17:09:57.077", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T20:15:21.533", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.wdc.com/downloads.aspx?g=907&lang=en"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}