CVE-2023-4344Insufficient Entropy in LSI Storage Authority

CWE-331Insufficient EntropyCWE-330Use of Insufficiently Random Values3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 75.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom LSI Storage AuthorityIntel Raid WEB Console 3Broadcom Raid Controller WEB Interface
Timeline
PublishedAug 15

Description

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5intel/raid_web_console_3< 7.017.011.000
CVEListV5broadcom/lsi_storage_authority< 7.017.011.000

🔴Vulnerability Details

2
CVEList
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection2023-08-15
GHSA
GHSA-8vq8-vjqp-8v4r: Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl2023-08-15
CVE-2023-4344 — Insufficient Entropy | cvebase