Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Flaw in Western Digital My Cloud exposes the content to hackers

An authentication bypass vulnerability in Western Digital My Cloud NAS could allow hackers to access the content of the storage Researchers at security firm Securify have discovered an elevation of privilege vulnerability in the Western Digital My Cloud platform that could be exploited by attackers to gain admin-level access to the device via an HTTP request. The flaw, […]

Western Digital My Cloud flaw

An authentication bypass vulnerability in Western Digital My Cloud NAS could allow hackers to access the content of the storage

Researchers at security firm Securify have discovered an elevation of privilege vulnerability in the Western Digital My Cloud platform that could be exploited by attackers to gain admin-level access to the device via an HTTP request.

The flaw, tracked as CVE-2018-17153, would allow an unauthenticated attacker with network access to the device to authenticate as an admin without providing a password.

The attacker could exploit the flaw to run commands, access the stored data, modify/copy them as well as wipe the NAS.

“It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability that allows an unauthenticated user to create an admin session that is tied to her IP address.” reads the report published by Securify.

“By exploiting this issue an unauthenticated attacker can run commands that would normally require admin privileges and gain complete control of the My Cloud device.”

The vulnerability resides in the process of creation of admin sessions implemented by the My Cloud devices that bound to the user’s IP address.

Once the session is created, it is possible to call the authenticated CGI modules by sending the cookie username=admin in the HTTP request. The CGI will check if a valid session is present and bound to the user’s IP address.

An attacker can send a CGI call to the device including a cookie containing the cookie username=admin.

“It was found that it is possible for an unauthenticated attacker to create a valid session without requiring to authenticate.” continues Securify.

“The network_mgr.cgi CGI module contains a command called cgi_get_ipv6 that starts an admin session that is tied to the IP address of the user making the request when invoked with the parameter flag equal to 1. Subsequent invocation of commands that would normally require admin privileges are now authorized if an attacker sets the username=admin cookie.”

Western Digital My Cloud flaw

The experts published the following PoC code to exploit the issue:

POST /cgi-bin/network_mgr.cgi HTTP/1.1
Host: wdmycloud.local
Content-Type: application/x-www-form-urlencoded
Cookie: username=admin
Content-Length: 23

cmd=cgi_get_ipv6&flag=1

Securify reported the vulnerability to Western Digital in April, but it is still waiting for a response.

In February, experts from Trustwave disclosed two vulnerabilities in Western Digital My Cloud network storage devices that could be exploited by a local attacker to gain root access to the NAS devices.

In April, security experts at Trustwave discovered that Western Digital My Cloud EX2 storage devices were leaking files on a local network by default.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Digital My Cloud, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]