Main Vulnerability Database SB2024072223

SB2024072223 - Improper authentication in IBM FlashSystem 5300

Published: July 22, 2024

Security Bulletin ID SB2024072223

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Authentication (CVE-ID: CVE-2024-39723)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a user with physical access to the system to bypass authentication process.

The vulnerability exists due to IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled. A user with physical access to the system can use the USB port to cause loss of access to data.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/7159333