English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.108926
Categoría:Web application abuses
Título:Western Digital My Cloud Multiple Products < 2.12.127 / 2.20 - 2.30 < 2.31.149 Multiple Vulnerabilities
Resumen:Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Descripción:Summary:
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.

Vulnerability Insight:
The following issues have been addressed:

- Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE-2016-10107

- Resolved multiple cross site request forgery (CSRF) vulnerabilities

- Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195)

- Resolved multiple denial-of-service vulnerabilities

- Improved security by disabling SSH shadow information

- Resolved a buffer overflow issue that could lead to unauthenticated access

- Resolved a click-jacking vulnerability in the webinterface

- Resolved multiple security issues in the Webfile viewer on-devic eapp

- Improved the security of volume mount options

- Resolved multiple security issues in the EULA onboarding flow

- Resolved leakage of debug messages in the webinterface

- Improved credential handling for the remote MyCloud-to-MyCloud backup feature

- Improved credential handling for upload-logs-to-support option

Addiditionally the following components received an update containing security fixes:

- Apache v2.4.34

- PHP v5.4.45

- OpenSSH v7.5p1

- OpenSSL v1.0.1u

- libupnp v1.6.25 (CVE-2012-5958)

- jQuery v3.3.1 (CVE-2010-5312)

- Rsync v3.0.7

Affected Software/OS:
Western Digital My Cloud with firmware versions prior to 2.12.127
and 2.2 - 2.3 versions prior to 2.31.149.

Solution:
Update to firmware version 2.12.127, 2.31.149 or later.

Note: Some My Cloud products are already end-of-life and doesn't receive any updates anymore.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-5195
BugTraq ID: 93793
http://www.securityfocus.com/bid/93793
CERT/CC vulnerability note: VU#243144
https://www.kb.cert.org/vuls/id/243144
https://www.exploit-db.com/exploits/40611/
https://www.exploit-db.com/exploits/40616/
https://www.exploit-db.com/exploits/40839/
https://www.exploit-db.com/exploits/40847/
https://dirtycow.ninja
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
http://www.openwall.com/lists/oss-security/2016/10/26/7
RedHat Security Advisories: RHSA-2016:2098
http://rhn.redhat.com/errata/RHSA-2016-2098.html
RedHat Security Advisories: RHSA-2016:2105
http://rhn.redhat.com/errata/RHSA-2016-2105.html
RedHat Security Advisories: RHSA-2016:2106
http://rhn.redhat.com/errata/RHSA-2016-2106.html
RedHat Security Advisories: RHSA-2016:2107
http://rhn.redhat.com/errata/RHSA-2016-2107.html
RedHat Security Advisories: RHSA-2016:2110
http://rhn.redhat.com/errata/RHSA-2016-2110.html
RedHat Security Advisories: RHSA-2016:2118
http://rhn.redhat.com/errata/RHSA-2016-2118.html
RedHat Security Advisories: RHSA-2016:2120
http://rhn.redhat.com/errata/RHSA-2016-2120.html
RedHat Security Advisories: RHSA-2016:2124
http://rhn.redhat.com/errata/RHSA-2016-2124.html
RedHat Security Advisories: RHSA-2016:2126
http://rhn.redhat.com/errata/RHSA-2016-2126.html
RedHat Security Advisories: RHSA-2016:2127
http://rhn.redhat.com/errata/RHSA-2016-2127.html
RedHat Security Advisories: RHSA-2016:2128
http://rhn.redhat.com/errata/RHSA-2016-2128.html
RedHat Security Advisories: RHSA-2016:2132
http://rhn.redhat.com/errata/RHSA-2016-2132.html
RedHat Security Advisories: RHSA-2016:2133
http://rhn.redhat.com/errata/RHSA-2016-2133.html
RedHat Security Advisories: RHSA-2017:0372
https://access.redhat.com/errata/RHSA-2017:0372
http://www.securitytracker.com/id/1037078
SuSE Security Announcement: openSUSE-SU-2020:0554 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
Common Vulnerability Exposure (CVE) ID: CVE-2012-5958
BugTraq ID: 57602
http://www.securityfocus.com/bid/57602
CERT/CC vulnerability note: VU#922681
http://www.kb.cert.org/vuls/id/922681
Cisco Security Advisory: 20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
Debian Security Information: DSA-2614 (Google Search)
http://www.debian.org/security/2013/dsa-2614
Debian Security Information: DSA-2615 (Google Search)
http://www.debian.org/security/2013/dsa-2615
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098
http://packetstormsecurity.com/files/160242/libupnp-1.6.18-Denial-Of-Service.html
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
https://www.tenable.com/security/research/tra-2017-10
SuSE Security Announcement: openSUSE-SU-2013:0255 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-5312
BugTraq ID: 71106
http://www.securityfocus.com/bid/71106
Debian Security Information: DSA-3249 (Google Search)
http://www.debian.org/security/2015/dsa-3249
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
http://seclists.org/oss-sec/2014/q4/616
http://seclists.org/oss-sec/2014/q4/613
RedHat Security Advisories: RHSA-2015:0442
http://rhn.redhat.com/errata/RHSA-2015-0442.html
RedHat Security Advisories: RHSA-2015:1462
http://rhn.redhat.com/errata/RHSA-2015-1462.html
http://www.securitytracker.com/id/1037035
XForce ISS Database: jqueryui-cve20105312-xss(98696)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98696
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.