WDC-19014 - WD Discovery, SanDisk ibi, and SanDisk Flashback - Remote Command Execution

WD Discovery, SanDisk ibi, and SanDisk Flashback - Remote Command Execution

WDC Tracking Number: WDC-19014
Product Line/Web: WD Discovery, SanDisk ibi, SanDisk Flashback
Published: August 21, 2019

Last Updated: August 21, 2019

Description

WD Discovery, SanDisk ibi, and SanDisk Flashback were vulnerable to unauthenticated remote command execution with elevated privileges via the local LAN or by visiting a malicious website via the user’s browser. This vulnerability could be exploited to allow malware installation, discrete surveillance, ransomware, data destruction or other malicious attacks. This was addressed by ensuring that all three products are no longer listening on outside interfaces and by adding CSRF prevention.

Product Impact

Minimum Fix Version

Last Updated

WD Discovery Mac

3.4.89

August 21, 2019

WD Discovery Windows

3.4.89

August 21, 2019

Flashback for Mac

3.2.179

August 21, 2019

Flashback for Win

3.2.179

August 21, 2019

ibi Version

2.3.299

August 21, 2019

Advisory Summary

This vulnerability was addressed by ensuring that all three products are no longer listening on outside interfaces and by adding CSRF prevention.

Add up to 4 products

{{ skuObj.title.length < 15 ? skuObj.title : skuObj.title.substring(0,14) + "..." }}

Compare

Details & Exclusions

Details & Exclusions

Details & Exclusions

Details & Exclusions

Sign In

Sign In for Business

Resend Verification Email

Reset Password

Sign In

Sign In for Business

Resend Verification Email

Reset Password

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

{{promotion.info.promoTitle}}

{{promotion.info.promoTitle}}

{{promotion.info.desc}}

WD Discovery, SanDisk ibi, and SanDisk Flashback - Remote Command Execution

Description

Advisory Summary

News and updates straight to your inbox