Support Product Security

My Cloud Firmware Version 5.15.106

WDC Tracking Number: WDC-21009
Published: July 13, 2021

Last Updated:  July 13, 2021

Description

My Cloud devices were using weak 1024-bit DSA keys that could allow the device to be impersonated. This could lead to credential theft, which might eventually cause a device compromise. However, since RSA keys are the default for modern SSH clients, the impact of this vulnerability is limited to older SSH clients or if an attacker blocks a client from using RSA keys. My Cloud Firmware 5.15.106 contains updates to harden the SSH configuration and improve the security of your My Cloud devices.

Product Impact
Last Updated
My Cloud (P/N: WDBCTLxxxxxx-10)
July 13, 2021
My Cloud EX2 Ultra
July 13, 2021
My Cloud DL2100
July 13, 2021
My Cloud DL4100
July 13, 2021
My Cloud EX2100
July 13, 2021
My Cloud EX4100
July 13, 2021
My Cloud Mirror Gen 2
July 13, 2021
My Cloud PR2100
July 13, 2021
My Cloud PR4100
July 13, 2021
WD Cloud
July 13, 2021

For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/

Advisory Summary

Addressed a vulnerability in the My Cloud SSH configuration which could indirectly lead to a device compromise. The vulnerability was addressed by removing the weak DSA keys and hardening the SSH configuration.

CVE Number: CVE-2015-4000
Reported by: Keanu Dölle

Compare