How severe is CVE-2022-23000?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2022-23000?

This is classified as CWE-757, which is a common weakness in software security.

CVE-2022-23000 - HIGH Severity | CVSS 7.8

Vulnerability Description

The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation, deprecated or insecure protocols are permitted. As a result, a local user with no privileges can exploit this vulnerability and jeopardize the integrity, confidentiality and authenticity of information transmitted. The scope of impact cannot extend to other components and no user input is required to exploit this vulnerability.

Related Vulnerabilities

CVE-2017-9267

HIGH

CVSS:7.5(High)

In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations.

CWE-7572017

CVE-2018-25029

HIGH

CVSS:8.1(High)

The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a differ...

CWE-7572018

CVE-2022-33160

HIGH

CVSS:7.5(High)

IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.

CWE-7572022

CVE-2023-2974

HIGH

CVSS:8.1(High)

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the ...

CWE-7572023

CVE-2019-14887

HIGH

CVSS:7.4(High)

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfl...

CWE-7572019

CVE-2020-16200

MEDIUM

CVSS:6.5(Medium)

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influen...

CWE-7572020