CVE-2023-4327

CWE-522 — Insufficiently Protected Credentials CWE-327 — Broken Cryptographic Algorithm3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 94.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom LSI Storage Authority (lsa)Broadcom Raid Controller WEB Interface

Timeline

PublishedAug 15

Description

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDbroadcom/raid_controller_web_interface51.12.0-2779

▶CVEListV5broadcom/lsi_storage_authority_(lsa)0

🔴Vulnerability Details

CVEList

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux↗2023-08-15

▶

GHSA

GHSA-q8p7-cg4r-8f76: Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user o↗2023-08-15

▶