EdgeRover Desktop App Version 1.5.1-594


WDC Tracking Number: WDC-22004
Published: March 18, 2022

Last Updated: March 18, 2022

Description

EdgeRover was vulnerable to a directory traversal vulnerability that allowed an attacker to carry out a local privilege escalation and escape basic file-system sandboxing. These vulnerabilities when successfully exploited could lead to disclosure of sensitive information or denial-of-service.

Product Impact
Minimum Fix Version
Last Updated
EdgeRover Mac Desktop App
March 10, 2022
EdgeRover Windows Desktop App
March 10, 2022

Advisory Summary

Addressed this vulnerability in EdgeRover by modifying file and directory permissions to allow files to only be loaded from certain folders.

CVE Number: CVE-2022-22988

Western Digital would like to thank Xavier Danest for reporting this issue.