CVE-2023-4338

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 15, 2023
Updated: Aug 21, 2023
CWE ID 89

Summary

CVE-2023-4338: A vulnerability has been identified in Broadcom RAID Controller web interfaces. It arises from an insecure default configuration that does not set the X-Content-Type-Options header, leaving the interface susceptible to Content-Type confusion attacks. An attacker can exploit this vulnerability to execute arbitrary code or inject malicious scripts, potentially leading to unauthorized system access or data theft. Users are urged to update their RAID controller firmware to the latest version, which includes the necessary security enhancements.
