CVE-2019-13467

Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
sandiskssd_dashboard
𝑥
< 2.5.1.0
westerndigitalssd_dashboard
𝑥
< 2.5.1.0
𝑥
= Vulnerable software versions
References
https://support.wdc.com/downloads.aspx?g=907&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities
https://support.wdc.com/downloads.aspx?g=907&lang=en
https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-western-digital-ssd-dashboard-vulnerabilities