Broadcom RAID Controller Web server (nginx) is serving private files without any authentication
CVE-2023-4334
7.5HIGH
Key Information:
- Vendor
Broadcom
- Vendor
- CVE Published:
- 15 August 2023
What is CVE-2023-4334?
The Broadcom RAID Controller Web server, powered by nginx, is susceptible to an authentication bypass vulnerability that allows unauthorized access to private files. This exploit exposes sensitive data, as the web server fails to enforce proper authentication mechanisms, potentially leading to data leaks or other security incidents. Users are urged to assess their affected systems and apply available patches to mitigate risks.
Affected Version(s)
LSI Storage Authority (LSA) 0
RAID Web Console 3 (RWC3) 0 < 7.017.011.000