WDC-22004 EdgeRover Desktop App Version 1.5.1-594

EdgeRover Desktop App Version 1.5.1-594

WDC Tracking Number: WDC-22004
Product Line: EdgeRover
Published: March 18, 2022

Last Updated: March 18, 2022

Description

EdgeRover was vulnerable to a directory traversal vulnerability that allowed an attacker to carry out a local privilege escalation and escape basic file-system sandboxing. These vulnerabilities when successfully exploited could lead to disclosure of sensitive information or denial-of-service.

Product Impact

Minimum Fix Version

Last Updated

EdgeRover Mac Desktop App

1.5.1-594

March 10, 2022

EdgeRover Windows Desktop App

1.5.1-594

March 10, 2022

Advisory Summary

Addressed this vulnerability in EdgeRover by modifying file and directory permissions to allow files to only be loaded from certain folders.

CVE Number: CVE-2022-22988

Western Digital would like to thank Xavier Danest for reporting this issue.

Add up to 4 products

{{ skuObj.title.length < 15 ? skuObj.title : skuObj.title.substring(0,14) + "..." }}

Compare

EdgeRover Desktop App Version 1.5.1-594

Description

Advisory Summary

Get the Latest News and Updates