CVE-2023-4333

CWE-3263 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 97.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom LSI Storage Authority (lsa)Broadcom Raid Controller WEB Interface

Timeline

PublishedAug 15

Description

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDbroadcom/raid_controller_web_interface51.12.0-2779

▶CVEListV5broadcom/lsi_storage_authority_(lsa)< 7.017.011.000

🔴Vulnerability Details

CVEList

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server↗2023-08-15

▶

GHSA

GHSA-m89f-h769-x259: Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user o↗2023-08-15

▶