Vulnerability Details : CVE-2022-22988
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device.
Products affected by CVE-2022-22988
- cpe:2.3:a:westerndigital:edgerover:*:*:*:*:*:macos:*:*
- cpe:2.3:a:westerndigital:edgerover:*:*:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-22988
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-22988
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST | |
|
9.1
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
3.9
|
5.2
|
NIST | |
|
9.0
|
CRITICAL | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
2.5
|
5.8
|
Western Digital | |
|
7.7
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
2.5
|
5.2
|
Western Digital |
CWE ids for CVE-2022-22988
-
Assigned by: psirt@wdc.com (Secondary)
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-22988
-
https://www.westerndigital.com/support/product-security/wdc-22003-edgerover-desktop-app-version-1-5-0-576
WDC-22003 EdgeRover Desktop App Version 1.5.0-576 | Western DigitalVendor Advisory
Jump to