Lucene search

IbmVULNRICHMENT:CVE-2024-39723

HistoryJul 08, 2024 - 12:38 a.m.

CVE-2024-39723 IBM FlashSystem denial of service

2024-07-0800:38:47

CWE-1299

ibm

github.com

ibm

flashsystem

usb

vulnerability

denial of service

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

CNA Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*"
    ],
    "vendor": "IBM",
    "product": "Storage Virtualize",
    "versions": [
      {
        "status": "affected",
        "version": "8.6"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/295935

www.ibm.com/support/pages/node/7159333

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-39723