CVE-2023-4329
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-4329 is a vulnerability in the web interface of Broadcom RAID controllers. In the insecure default HTTP configuration the interface sets its SESSIONID session cookie without a SameSite attribute. A browser that treats a missing SameSite as SameSite=None attaches the cookie to requests initiated from other origins, so an attacker who lures a logged-in administrator to a malicious website can have the victim's browser send authenticated requests to the controller's interface and perform actions there with the victim's privileges (cross-site request forgery, CSRF). Setting SameSite=Lax or SameSite=Strict on the cookie closes this path; an anti-CSRF token on state-changing requests remains the primary defense, with the cookie attribute as a second layer that does not depend on browser defaults. Users are advised to apply the vendor's latest patches to their RAID controllers to mitigate this risk.
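The following is an added example, not code from the advisory or from Broadcom. It audits a Set-Cookie header for the weakness described above and models which cross-site requests a browser would attach the cookie to, depending on the SameSite value. The cookie values and the two headers are constructed; only the cookie name SESSIONID comes from the CVE description, and the hardened header assumes the interface is served over HTTPS so that Secure can be set.

```python
# Added example, not code from the advisory or from Broadcom. The cookie
# values below are constructed; only the name SESSIONID is from the CVE.
from typing import Optional

# Constructed Set-Cookie headers: the weak shape the CVE describes (no
# SameSite, and no Secure because the default configuration is plain HTTP)
# next to a hardened one that assumes the interface is served over HTTPS.
WEAK_SET_COOKIE = "SESSIONID=0123456789abcdef; Path=/; HttpOnly"
HARDENED_SET_COOKIE = (
    "SESSIONID=0123456789abcdef; Path=/; HttpOnly; Secure; SameSite=Strict"
)

# Methods a SameSite=Lax cookie may accompany on a top-level navigation.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, Optional[str]]]:
    """Split a Set-Cookie value into (name, value, {attr_lower: value_or_None})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        # Flag attributes such as HttpOnly carry no value; store None for them.
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> list[str]:
    """Return the session-cookie hardening attributes the header lacks."""
    name, _, attrs = parse_set_cookie(header)
    findings: list[str] = []
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append(f"{name}: SameSite attribute missing")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append(f"{name}: SameSite=None requires Secure")
    if "secure" not in attrs:
        findings.append(f"{name}: Secure attribute missing")
    if "httponly" not in attrs:
        findings.append(f"{name}: HttpOnly attribute missing")
    return findings


def browser_sends_cookie(
    samesite: Optional[str],
    method: str,
    top_level_navigation: bool,
    lax_by_default: bool = True,
) -> bool:
    """Model whether a browser attaches the cookie to a cross-site request.

    samesite: the cookie's SameSite value, or None when the attribute is absent.
    lax_by_default: True for browsers that treat a missing SameSite as Lax
    (Chromium since version 80); False for browsers that treat it as None,
    which is the situation the CVE describes. Chromium's temporary
    "Lax+POST" allowance for cookies younger than two minutes is not modelled.
    """
    if samesite is None:
        if not lax_by_default:
            return True  # missing attribute behaves like SameSite=None
        mode = "lax"
    else:
        mode = samesite.lower()
    if mode == "none":
        return True
    if mode == "strict":
        return False
    # Lax: sent only on top-level navigations that use a safe method, so a
    # cross-site form POST or fetch() from the attacker's page carries no cookie.
    return top_level_navigation and method.upper() in SAFE_METHODS


if __name__ == "__main__":
    for label, header in (("weak", WEAK_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        print(label, audit_set_cookie(header) or "no findings")
    # A cross-site POST from the attacker's page against the weak cookie:
    print("legacy browser sends cookie:",
          browser_sends_cookie(None, "POST", False, lax_by_default=False))
    print("Lax-by-default browser sends cookie:",
          browser_sends_cookie(None, "POST", False, lax_by_default=True))
```

The `browser_sends_cookie` model is the reason the missing attribute matters: with no SameSite value, a browser that does not apply Lax-by-default sends SESSIONID on a cross-site POST, which is exactly what a CSRF page needs. Relying on Chromium's Lax-by-default behaviour is not a fix, since other browsers and older releases do not apply it; the cookie attribute should be set explicitly, and state-changing requests should also be protected by an anti-CSRF token.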
Affected Vendors
- Linecorp