Two severe vulnerabilities in the Western Digital and SanDisk SSD Dashboard can allow threat actors to trick users into running arbitrary code on the computers.
The first vulnerability
Discovered by Trustwave researchers, one of the vulnerabilities is detected as CVE-2019-13466. The flaw is related to the use of a hard-coded password for protecting the archived customer-generated system and diagnostic reports.
Trustwave researchers found the bug after dumping strings from the main binary file-SanDiskSSDDashboard.exe. They found that one of the strings was a hardcoded password used for encrypting report information. The password is the same for every installation. By exploiting the vulnerability, an attacker can intercept the report to read all the sensitive data included in the SSD Dashboard.
The second vulnerability
The second vulnerability - CVE-2019-13467 - is more severe. The flaw exists as the application uses HTTP instead of HTTPS for communication with the SanDisk site. This can allow an attacker to create a rogue hotspot and perform a man-in-the-middle attack. Through the MiTM attack, attackers can serve malicious content instead of the data requested by the app.
“This makes it trivial to attack users running this application in untrusted environments (e.g. using public internet hotspot). Specifically, a malicious user can create a rogue hotspot that the computer will join or launch a man-in-the-middle attack and then serve malicious content instead of the data requested by the app,” said researchers.
The flaw affects Western Digital SanDisk SSD Dashboard applications prior to version 126.96.36.199.
Addressing the issues
Western Digital has confirmed the issues and urged the customers to install security updates to stay safe. The flaws have been addressed in the latest version 188.8.131.52.