Search
Find a vulnerability
Search criteria
2 vulnerabilities found for sandisk_privateaccess by westerndigital
CVE-2023-22812 (GCVE-0-2023-22812)
Vulnerability from nvd – Published: 2023-03-24 00:00 – Updated: 2025-02-19 20:27
VLAI
EPSS
VEX
Title
SanDisk PrivateAccess Deprecated TLS protocol versions supported
Summary
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SanDisk | PrivateAccess |
Affected:
0 , < 6.4.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update",
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:27:43.013630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:27:51.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PrivateAccess",
"vendor": "SanDisk",
"versions": [
{
"lessThan": "6.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T17:06:36.560Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update",
"url": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWe urge our customers to install this software update immediately to keep their vaults protected. As with any upgrade, it is best to back up your data before installing the upgrade.\u003c/p\u003e"
}
],
"value": "We urge our customers to install this software update immediately to keep their vaults protected. As with any upgrade, it is best to back up your data before installing the upgrade.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SanDisk PrivateAccess Deprecated TLS protocol versions supported",
"x_generator": {
"engine": "SecretariatVulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2023-22812",
"datePublished": "2023-03-24T00:00:00.000Z",
"dateReserved": "2023-01-06T20:23:44.300Z",
"dateUpdated": "2025-02-19T20:27:51.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22812 (GCVE-0-2023-22812)
Vulnerability from cvelistv5 – Published: 2023-03-24 00:00 – Updated: 2025-02-19 20:27
VLAI
EPSS
VEX
Title
SanDisk PrivateAccess Deprecated TLS protocol versions supported
Summary
SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SanDisk | PrivateAccess |
Affected:
0 , < 6.4.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update",
"tags": [
"x_transferred"
],
"url": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:27:43.013630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:27:51.000Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PrivateAccess",
"vendor": "SanDisk",
"versions": [
{
"lessThan": "6.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. \n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T17:06:36.560Z",
"orgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"shortName": "WDC PSIRT"
},
"references": [
{
"name": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update",
"url": "https://www.westerndigital.com/support/product-security/wdc-23005-sandisk-privateaccess-software-update"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eWe urge our customers to install this software update immediately to keep their vaults protected. As with any upgrade, it is best to back up your data before installing the upgrade.\u003c/p\u003e"
}
],
"value": "We urge our customers to install this software update immediately to keep their vaults protected. As with any upgrade, it is best to back up your data before installing the upgrade.\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SanDisk PrivateAccess Deprecated TLS protocol versions supported",
"x_generator": {
"engine": "SecretariatVulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb3b742e-5145-4748-b44b-5ffd45bf3b6a",
"assignerShortName": "WDC PSIRT",
"cveId": "CVE-2023-22812",
"datePublished": "2023-03-24T00:00:00.000Z",
"dateReserved": "2023-01-06T20:23:44.300Z",
"dateUpdated": "2025-02-19T20:27:51.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}