SecurityWeek reports that Western Digital has prevented all devices on firmware affected by the critical vulnerability, tracked as CVE-2022-36327, from accessing its cloud services since June 15, in an effort to curb cyberattacks that may prompt significant data compromise.
Exploiting the flaw, which affects Western Digitals My Cloud Home, My Cloud Home Duo, My Cloud OS 5 devices, and SanDisk ibi, could enable file writing in locations with particular filesystem types, according to an advisory from the National Institute of Standards and Technology.
The vulnerability, along with other medium-severity flaws, had been resolved by Western Digital on May 15 with the release of My Cloud OS 5 firmware version 5.26.202, while a server-side request forgery bug had been addressed by the company in My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices as part of the firmware version 9.4.1-101 release on May 26.
Nonapplication of the firmware update would hinder users of the aforementioned devices from accessing their data although such could still be done locally on their devices.
Nearly 12,000 internet-facing Juniper firewall devices were discovered by VulnCheck to be impacted by a new medium-severity remote code execution vulnerability, which could be exploited to facilitate the execution of arbitrary code without the need to create a file, The Hacker News reports.