CVE-2023-4333

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

CVSS v3.0 5.5 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.broadcom.com/support/resources/product-security-center	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

25 Sep 2024, 01:15

Type	Values Removed	Values Added
Summary	~~Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows~~	Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server

21 Aug 2023, 18:38

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:::::::*
First Time		Broadcom Broadcom raid Controller Web Interface Microsoft Microsoft windows
References	~~(MISC) https://www.broadcom.com/support/resources/product-security-center -~~	(MISC) https://www.broadcom.com/support/resources/product-security-center - Product
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		NVD-CWE-noinfo

15 Aug 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-15 19:15

Updated : 2024-09-25 01:15

NVD link : CVE-2023-4333

Mitre link : CVE-2023-4333

JSON object : View

Products Affected

microsoft

windows

broadcom

raid_controller_web_interface

CWE

NVD-CWE-noinfo

5.5 /10