Improper Authentication in Storage Virtualize - CVE-2024-39723

 


Published: July 22, 2024


Vulnerability identifier: #VU94638
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-39723
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
Storage Virtualize

Detailed vulnerability description

The vulnerability allows a user with physical access to the system to bypass the authentication process.

The vulnerability exists because USB ports on IBM FlashSystem 5300 may remain usable even if the port has been disabled. A user with physical access to the system can use the USB port to cause loss of access to data.


How to mitigate CVE-2024-39723

Install updates from the vendor's website.
