CVE-2023-4344
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-4344 is a newly identified vulnerability affecting the Broadcom RAID Controller web interface. The issue arises from the controller's improper use of the SSL random number file (ssl.rnd) when setting up a Common Information Model (CIM) connection. This vulnerability allows an attacker to manipulate the randomness of the SSL handshake, potentially leading to predictable keys and successful man-in-the-middle attacks. Exploitation of this flaw could result in unauthorized access to sensitive RAID controller data or unauthorized modification of RAID configuration settings. Organizations using Broadcom RAID Controllers should apply the appropriate patches as soon as possible to mitigate this risk.