CVE-2023-4345 — Sensitive Information Exposure in LSI Storage Authority

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 89.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom LSI Storage Authority Intel Raid WEB Console 3 Broadcom Raid Controller WEB Interface

Timeline

PublishedAug 15

Description

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDbroadcom/raid_controller_web_interface51.12.0-2779

▶CVEListV5intel/raid_web_console_3< 7.017.011.000

▶CVEListV5broadcom/lsi_storage_authority< 7.017.011.000

🔴Vulnerability Details

GHSA

GHSA-wfv7-gj87-q7qv: Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user↗2023-08-15

▶

CVEList

Broadcom RAID Controller web interface is vulnerable client-side control bypass↗2023-08-15

▶