CVE-2023-4341Improper Privilege Management in LSI Storage Authority

3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 75.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom LSI Storage AuthorityIntel Raid WEB Console 3Broadcom Raid Controller WEB Interface
Timeline
PublishedAug 15

Description

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5intel/raid_web_console_3< 7.017.011.000
CVEListV5broadcom/lsi_storage_authority< 7.017.011.000

🔴Vulnerability Details

2
GHSA
GHSA-fv55-v3vq-qvw6: Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI2023-08-15
CVEList
Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI2023-08-15
CVE-2023-4341 — Improper Privilege Management | cvebase