CVE-2023-4344 is a vulnerability in Broadcom Raid Controller Web Interface
Published on August 15, 2023
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
Vulnerability Analysis
CVE-2023-4344 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. When software generates predictable values in a context requiring unpredictability, it may be possible for an attacker to guess the next value that will be generated, and use this guess to impersonate another user or access sensitive information.
Products Associated with CVE-2023-4344
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-4344 are published in these products:
What versions of Raid Controller Web Interface are vulnerable to CVE-2023-4344?
-
Broadcom Raid Controller Web Interface
Version 51.12.0-2779