CVE-2023-4334Missing Authentication for Critical Function in LSI Storage Authority

CWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 78.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom LSI Storage AuthorityIntel Raid WEB Console 3Broadcom Raid Controller WEB Interface
Timeline
PublishedAug 15

Description

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5intel/raid_web_console_3< 7.017.011.000
CVEListV5broadcom/lsi_storage_authority< 7.017.011.000

🔴Vulnerability Details

2
CVEList
Broadcom RAID Controller Web server (nginx) is serving private files without any authentication2023-08-15
GHSA
GHSA-c8m5-4w7x-78fr: Broadcom RAID Controller Web server (nginx) is serving private files without any authentication2023-08-15
CVE-2023-4334 — LSI Storage Authority vulnerability | cvebase