Lucene search

SoftIronCVE-2023-45084

HistoryDec 05, 2023 - 5:15 p.m.

CVE-2023-45084

2023-12-0517:15:08

CWE-820

CWE-662

SoftIron

web.nvd.nist.gov

softiron hypercloud

drive caddy

data availability

integrity

synchronization flaw

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

15.5%

JSON

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.

This issue only impacts SoftIron HyperCloud “density” storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

Affected configurations

Nvd

Node

softironhypercloudRange1.0–2.0.3

VendorProductVersionCPE
softironhypercloud*cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
softiron	hypercloud	*	cpe:2.3:a:softiron:hypercloud::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HyperCloud",
    "vendor": "SoftIron",
    "versions": [
      {
        "lessThan": "2.0.3",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

advisories.softiron.cloud

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVE-2023-45084