Lucene search

SoftIronCVELIST:CVE-2023-45084

HistoryDec 05, 2023 - 4:15 p.m.

CVE-2023-45084 Media caddy removal and reinsertion without reboot may cause data loss

2023-12-0516:15:31

CWE-820

SoftIron

www.cve.org

softiron hypercloud

drive caddy

data loss

synchronization flaw

data integrity

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

15.5%

JSON

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.

This issue only impacts SoftIron HyperCloud “density” storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HyperCloud",
    "vendor": "SoftIron",
    "versions": [
      {
        "lessThan": "2.0.3",
        "status": "affected",
        "version": "1.0",
        "versionType": "semver"
      }
    ]
  }
]

References

advisories.softiron.cloud

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

15.5%

JSON

Related for CVELIST:CVE-2023-45084