CVE-2023-22812 - OpenCVE

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Westerndigital	Sandisk Privateaccess

Configuration 1 [-]

cpe:2.3:a:westerndigital:sandisk_privateaccess:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WDC PSIRT

Published: 2023-03-24T00:00:00

Updated: 2023-10-23T17:06:36.560Z

Reserved: 2023-01-06T20:23:44.300Z

Link: CVE-2023-22812

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-24T20:15:15.343

Modified: 2023-11-04T02:51:17.437

Link: CVE-2023-22812

JSON object: View

Redhat Information

No data.

CWE

CWE-327

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "assignerShortName": "WDC PSIRT", "cveId": "CVE-2023-22812", "state": "PUBLISHED", "dateUpdated": "2023-10-23T17:06:36.560Z", "datePublished": "2023-03-24T00:00:00", "dateReserved": "2023-01-06T20:23:44.300Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PrivateAccess", "vendor": "SanDisk", "versions": [{"lessThan": "6.4.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. </span><br>"}], "value": "SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. \n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a", "shortName": "WDC PSIRT", "dateUpdated": "2023-10-23T17:06:36.560Z"}, "references": [{"name": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update", "url": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>We urge our customers to install this software update immediately to keep their vaults protected. As with any upgrade, it is best to back up your data before installing the upgrade.</p>"}], "value": "We urge our customers to install this software update immediately to keep their vaults protected. As with any upgrade, it is best to back up your data before installing the upgrade.\n\n"}], "source": {"discovery": "INTERNAL"}, "title": "SanDisk PrivateAccess Deprecated TLS protocol versions supported", "x_generator": {"engine": "SecretariatVulnogram 0.1.0-dev"}}}}