Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux
CVE-2023-4328

5.5MEDIUM

Key Information:

Vendor: Broadcom
Status: Lsi Storage Authority (lsa)
Vendor: CVE Published:; 15 August 2023

Summary

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows

Affected Version(s)

LSI Storage Authority (LSA) 0

References

https://www.broadcom.com/support/resources/product-securi...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 15, 2023
Vulnerability Reserved
Aug 14, 2023

Credit

Intel DCG