CVE-2023-22812

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update	Vendor Advisory
https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:westerndigital:sandisk_privateaccess:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:45

Type	Values Removed	Values Added
References	~~() https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update - Vendor Advisory~~	() https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update - Vendor Advisory

29 Mar 2023, 15:03

Type	Values Removed	Values Added
References	~~(MISC) https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update -~~	(MISC) https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update - Vendor Advisory
CWE		CWE-327
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.4
CPE		cpe:2.3:a:westerndigital:sandisk_privateaccess::::::::

24 Mar 2023, 20:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-24 20:15

Updated : 2024-11-21 07:45

NVD link : CVE-2023-22812

Mitre link : CVE-2023-22812

CVE.ORG link : CVE-2023-22812

JSON object : View

Products Affected

westerndigital

sandisk_privateaccess

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

7.4 /10