IBM FlashSystem 5300 USB port bypass leads to data loss
CVE-2024-39723 Published on July 8, 2024

IBM FlashSystem denial of service
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

Vulnerability Analysis

Exploiting CVE-2024-39723 requires physical access to the system, but no privileges and no user interaction. Attack complexity is considered low. A successful exploit is considered to have no impact on confidentiality or integrity and a high impact on availability.

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Weakness Type

Missing Protection Mechanism for Alternate Hardware Interface

The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.


Products Associated with CVE-2024-39723

Affected Versions

IBM Storage Virtualize Version 8.6 is affected by CVE-2024-39723

Exploit Probability

EPSS: 0.05%
Percentile: 17.24%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.