EdgeRover Desktop App Version 1.5.1-594


WDC Tracking Number: WDC-22004
Product Line: EdgeRover
Published: March 18, 2022

Last Updated: March 18, 2022

Description

EdgeRover was vulnerable to a directory traversal vulnerability that allowed an attacker to carry out a local privilege escalation and escape basic file-system sandboxing. These vulnerabilities when successfully exploited could lead to disclosure of sensitive information or denial-of-service.

Product Impact
Minimum Fix Version
Last Updated
EdgeRover Mac Desktop App
1.5.1-594
March 10, 2022
EdgeRover Windows Desktop App
1.5.1-594
March 10, 2022

Advisory Summary

Addressed this vulnerability in EdgeRover by modifying file and directory permissions to allow files to only be loaded from certain folders.

CVE Number: CVE-2022-22988

Western Digital would like to thank Xavier Danest for reporting this issue.