Vulnerability Description
Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sandisk | Ssd Dashboard | < 2.5.1.0 |
| Westerndigital | Ssd Dashboard | < 2.5.1.0 |
References
- https://support.wdc.com/downloads.aspx?g=907&lang=enVendor Advisory
- https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-wesPatchVendor Advisory
- https://support.wdc.com/downloads.aspx?g=907&lang=enVendor Advisory
- https://www.westerndigital.com/support/productsecurity/wdc-19009-sandisk-and-wesPatchVendor Advisory
FAQ
What is CVE-2019-13467?
CVE-2019-13467 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download r...
How severe is CVE-2019-13467?
CVE-2019-13467 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13467?
Check the references section above for vendor advisories and patch information. Affected products include: Sandisk Ssd Dashboard, Westerndigital Ssd Dashboard.