Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions
CVE-2023-4339
7.5HIGH
Key Information:
- Vendor
Broadcom
- Vendor
- CVE Published:
- 15 August 2023
What is CVE-2023-4339?
The Broadcom RAID Controller web interface has a vulnerability that allows the exposure of private keys. This occurs due to insecure file permissions on the configuration files that store Critical Infrastructure Management (CIM). Attackers could exploit this flaw to gain unauthorized access to sensitive information, potentially leading to further compromises within the system.
Affected Version(s)
LSI Storage Authority (LSA) 0
RAID Web Console 3 (RWC3) 0 < 7.017.011.000