Lucene search

SoftIronCVELIST:CVE-2023-45085

HistoryDec 05, 2023 - 4:15 p.m.

CVE-2023-45085 When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT"

2023-12-0516:15:45

CWE-1419

SoftIron

www.cve.org

softiron hypercloud

compute nodes

initialization process

workload availability

cve-2023-45085

version 2.0.0-2.0.3

CVSS3

3.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

AI Score

4.3

Confidence

High

EPSS

Percentile

9.0%

JSON

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.

This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HyperCloud",
    "vendor": "SoftIron",
    "versions": [
      {
        "lessThan": "2.0.3",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

advisories.softiron.cloud

CVSS3

3.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

AI Score

4.3

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-45085