Improper Authentication in Storage Virtualize - CVE-2024-39723
Published: July 22, 2024
Vulnerability identifier: #VU94638
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-39723
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
Storage Virtualize
Detailed vulnerability description
The vulnerability allows a user with physical access to the system to bypass the authentication process.
The vulnerability exists because USB ports on IBM FlashSystem 5300 may remain usable even if the port has been disabled. A user with physical access to the system can use the USB port to cause loss of access to data.
How to mitigate CVE-2024-39723
Install updates from the vendor's website.