Lucene search
CertccCVE-2023-4343HistoryAug 15, 2023 - 7:15 p.m.
CVE-2023-4343
2023-08-1519:15:11
certcc
web.nvd.nist.gov
14
cve-2023-4343
broadcom
raid controller
web interface
vulnerability
sensitive information
url
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
49.7%
Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter
Affected configurations
Node
broadcomraid_controller_web_interfaceMatch51.12.0-2779
| Vendor | Product | Version | CPE |
|---|---|---|---|
| broadcom | raid_controller_web_interface | 51.12.0-2779 | cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "LSI Storage Authority (LSA)",
"vendor": "Broadcom",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAID Web Console 3 (RWC3)",
"vendor": "Intel",
"versions": [
{
"lessThan": "7.017.011.000",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.4
Confidence
High
EPSS
0.001
Percentile
49.7%
Related for CVE-2023-4343