CVE-2022-22988: 
Western Digital EdgeRover vulnerability analysis and mitigation

A file and directory permissions vulnerability was discovered in EdgeRover Desktop App, identified as CVE-2022-22988. The vulnerability was disclosed on January 13, 2022, affecting both Mac and Windows versions of the EdgeRover Desktop App prior to version 1.5.0-576. The issue allowed unintended users to modify or access resources due to incorrect file and directory permissions (Western Digital).

The vulnerability is related to insecure file and directory permissions that could allow unauthorized access to resources. The CVSS 3.0 score for this vulnerability is 9.1, indicating a critical severity level with high impact (I:H), network attack vector (AV:N), low attack complexity (AC:L), and no privileges required (PR:N) (ManageEngine).

The vulnerability could allow unintended users to read or modify resources within the EdgeRover Desktop application, potentially compromising the security of user data (Western Digital).

Western Digital addressed this vulnerability by correcting file and directory permissions in EdgeRover version 1.5.0-576, released on January 10, 2022. Users are advised to upgrade to this version or later to protect against unauthorized access (Western Digital).