Broadcom RAID Controller web interface is vulnerable client-side control bypass
CVE-2023-4345

6.5MEDIUM

Key Information:

Vendor
Broadcom
Status
Lsi Storage Authority (lsa)
Raid Web Console 3 (rwc3)
Vendor
CVE Published:
15 August 2023

Summary

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user

Affected Version(s)

LSI Storage Authority (LSA) 0

RAID Web Console 3 (RWC3) 0 < 7.017.011.000

References

https://www.broadcom.com/support/resources/product-securi...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Intel DCG
.