CVE-2023-4328 — Insufficiently Protected Credentials in LSI Storage Authority

CWE-522 — Insufficiently Protected Credentials CWE-321 — Use of Hard-coded Cryptographic Key3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom LSI Storage Authority Broadcom Raid Controller WEB Interface

Timeline

PublishedAug 15

Description

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDbroadcom/raid_controller_web_interface51.12.0-2779

▶CVEListV5broadcom/lsi_storage_authority< 7.017.011.000

🔴Vulnerability Details

CVEList

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux↗2023-08-15

▶

GHSA

GHSA-c2mc-q4gg-xgm7: Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user o↗2023-08-15

▶