StorageGRID 11.6.x DoS: LDR Service Crash Vulnerability
CVE-2023-27318 Published on February 5, 2024
StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.13 are susceptible to a Denial of Service (DoS) vulnerability. A successful exploit could lead to a crash of the Local Distribution Router (LDR) service.
Vulnerability Analysis
CVE-2023-27318 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Uncaught Exception
An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Products Associated with CVE-2023-27318
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-27318 are published in NetApp Storagegrid:
Affected Versions
NetApp StorageGRID (formerly StorageGRID Webscale) :- Version 11.6.0, <= 11.6.0.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.