CVE-2023-22812

HIGH

SanDisk PrivateAccess < 6.4.9 - Use of Broken Cryptographic Algorithm via TLS 1.0 and TLS 1.1

Title source: llm
STIX 2.1

Description

SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.

References (1)

Core 1

Scores

CVSS v3 7.4
EPSS 0.0031
EPSS Percentile 22.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-327
Status published
Products (1)
westerndigital/sandisk_privateaccess < 6.4.9
Published Mar 24, 2023
Tracked Since Feb 18, 2026