SB2024100316 - Multiple vulnerabilities in Intel RAID Web Console software
Published: October 3, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 30 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2024-34543)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can escalate privileges on the system.
2) Incorrect default permissions (CVE-ID: CVE-2023-4328)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
3) Incorrect default permissions (CVE-ID: CVE-2023-4327)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions. A local user with access to the system can obtain keys used for encryption.
4) Configuration (CVE-ID: CVE-2023-4326)
CWE-ID: CWE-16 - Configuration
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The issue may allow a remote attacker to perform MitM attack.
The issue exists due to presence of an insecure default TLS configuration. A remote attacker can perform MitM attack.
5) Dependency on vulnerable third-party component (CVE-ID: CVE-2023-4325)
CWE-ID: CWE-1395 - Dependency on Vulnerable Third-Party Component
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of a vulnerable libcurl library. A remote attacker can bypass implemented security restrictions.
6) Protection Mechanism Failure (CVE-ID: CVE-2023-4324)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing HTTP Content-Security-Policy header. A remote attacker can bypass implemented security restrictions and perform XSS or spoofing attacks.
7) Insufficient Session Expiration (CVE-ID: CVE-2023-4323)
CWE-ID: CWE-613 - Insufficient Session Expiration
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.
8) Improper access control (CVE-ID: CVE-2024-28170)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information.
9) Improper access control (CVE-ID: CVE-2024-36261)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.
10) Improper access control (CVE-ID: CVE-2024-36247)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2024-32666)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2024-34545)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user can send specially crafted input to the application and perform a denial of service (DoS) attack.
13) Uncaught Exception (CVE-ID: CVE-2024-33848)
CWE-ID: CWE-248 - Uncaught Exception
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling. A local user can perform a denial of service (DoS) attack.
14) Improper access control (CVE-ID: CVE-2024-32940)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A remote attacker can send specially crafted packets to the application and perform a denial of service (DoS) attack.
15) Untrusted search path (CVE-ID: CVE-2024-34153)
CWE-ID: CWE-426 - Untrusted Search Path
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
16) Sensitive cookie with improper SameSite attribute (CVE-ID: CVE-2023-4329)
CWE-ID: CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the web interface does not set the SameSite attribute for the SESSIONID cookie. A remote attacker with ability to perform XSS attack can obtain session identifier of another user.
17) Inadequate Encryption Strength (CVE-ID: CVE-2023-4331)
CWE-ID: CWE-326 - Inadequate Encryption Strength
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of an insecure default TLS configuration that support obsolete and vulnerable TLS protocols. A remote attacker can perform MitM attack.
18) Incorrect default permissions (CVE-ID: CVE-2023-4332)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for log files. A local user with access to the system can view contents of files and directories or modify them.
19) Inadequate Encryption Strength (CVE-ID: CVE-2023-4333)
CWE-ID: CWE-326 - Inadequate Encryption Strength
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the web interface does not enforce SSL cipher order. A remote attacker can perform MitM attack.
20) Missing Authorization (CVE-ID: CVE-2023-4334)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authorization when accessing private files. A remote attacker can request files directly from the server and gain access to sensitive information.
21) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-ID: CVE-2023-4336)
CWE-ID: CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the web interface does not set the Secure attribute for cookies. A remote attacker with ability to perform XSS attack can obtain session identifier of another user.22) Session Fixation (CVE-ID: CVE-2023-4337)
CWE-ID: CWE-384 - Session Fixation
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to improper session handling of managed servers on Gateway installation. A remote attacker can gain unauthorized access to the system.
23) Configuration (CVE-ID: CVE-2023-4338)
CWE-ID: CWE-16 - Configuration
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The issue may allow a remote attacker to bypass implemented security restrictions.
The issue exists due a missing X-Content-Type-Options header in the web server configuration. A remote attacker can gain access to potentially sensitive information.
24) Information disclosure (CVE-ID: CVE-2023-4339)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to exposure of private keys used for CIM stored with insecure file permissions. A remote user can gain unauthorized access to sensitive information.
25) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-4340)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files, such as session identifiers. A local user can read the log files and escalate privileges within the application.
26) Incorrect default permissions (CVE-ID: CVE-2023-4341)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for folders that are set by the WebGUI. A remote user can escalate privileges to root.
27) Unprotected Transport of Credentials (CVE-ID: CVE-2023-4342)
CWE-ID: CWE-523 - Unprotected Transport of Credentials
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a missing strict-transport-security policy. A remote attacker can perform MitM attack.
28) Information disclosure (CVE-ID: CVE-2023-4343)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application exposes sensitive password information in the URL passed as URL search parameter. A remote attacker can gain access to sensitive information.
29) Predictable Seed in Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2023-4344)
CWE-ID: CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of insufficiently random values cause by improper use of ssl.rnd to setup CIM connection. A remote attacker can perform MitM attack.
30) Improper Authorization (CVE-ID: CVE-2023-4345)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to usage of client-side controls to limit access to sensitive functionality. A remote user can bypass implemented security restriction and gain access to sensitive information.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.