Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites
CVE-2023-4326
7.5 HIGH
Key Information:
- Vendor: Broadcom
- CVE Published: 15 August 2023
Summary
The Broadcom RAID Controller web interface has an insecure default TLS configuration. This configuration permits the use of outdated SHA1-based ciphersuites, which can expose communications to potential interception and exploitation. Organizations using this product should take immediate action to harden their TLS settings and ensure that only modern, secure ciphers are used, in order to protect their data and maintain integrity across their network communications. Further information is available on Broadcom's support page.
Affected Version(s)
LSI Storage Authority (LSA) 0
RAID Web Console 3 (RWC3) 0
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Intel DCG