Multiple vulnerabilities in Intel RAID Web Console software



Risk Medium
Patch available NO
Number of vulnerabilities 30
CVE-ID CVE-2024-34543
CVE-2023-4328
CVE-2023-4327
CVE-2023-4326
CVE-2023-4325
CVE-2023-4324
CVE-2023-4323
CVE-2024-28170
CVE-2024-36261
CVE-2024-36247
CVE-2024-32666
CVE-2024-34545
CVE-2024-33848
CVE-2024-32940
CVE-2024-34153
CVE-2023-4329
CVE-2023-4331
CVE-2023-4332
CVE-2023-4333
CVE-2023-4334
CVE-2023-4336
CVE-2023-4337
CVE-2023-4338
CVE-2023-4339
CVE-2023-4340
CVE-2023-4341
CVE-2023-4342
CVE-2023-4343
CVE-2023-4344
CVE-2023-4345
CWE-ID CWE-284
CWE-276
CWE-16
CWE-1395
CWE-693
CWE-613
CWE-476
CWE-20
CWE-248
CWE-426
CWE-1275
CWE-326
CWE-862
CWE-614
CWE-384
CWE-200
CWE-532
CWE-523
CWE-337
CWE-285
Exploitation vector Network
Public exploit N/A
Vulnerable software
RAID Web Console 3
Universal components / Libraries / Software for developers

Vendor Intel

Security Bulletin

This security bulletin contains information about 30 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU97295

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-34543

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A local user can escalate privileges on the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect default permissions

EUVDB-ID: #VU97322

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4328

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions. A local user with access to the system can obtain keys used for encryption and other sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Incorrect default permissions

EUVDB-ID: #VU97321

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4327

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions. A local user with access to the system can obtain keys used for encryption.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Configuration

EUVDB-ID: #VU97320

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4326

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The issue may allow a remote attacker to perform a MitM attack.

The issue exists due to the presence of an insecure default TLS configuration. A remote attacker can perform a MitM attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Dependency on vulnerable third-party component

EUVDB-ID: #VU97319

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4325

CWE-ID: CWE-1395 - Dependency on Vulnerable Third-Party Component

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to usage of a vulnerable libcurl library. A remote attacker can bypass implemented security restrictions.


Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Protection Mechanism Failure

EUVDB-ID: #VU97318

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4324

CWE-ID: CWE-693 - Protection Mechanism Failure

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a missing HTTP Content-Security-Policy header. A remote attacker can bypass implemented security restrictions and perform XSS or spoofing attacks.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Insufficient Session Expiration

EUVDB-ID: #VU97311

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4323

CWE-ID: CWE-613 - Insufficient Session Expiration

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient session expiration. A remote non-authenticated attacker can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper access control

EUVDB-ID: #VU97304

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-28170

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper access control

EUVDB-ID: #VU97303

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-36261

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper access control

EUVDB-ID: #VU97302

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-36247

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU97301

Risk: Low

CVSSv3.1: 4.4 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-32666

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU97300

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-34545

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user can send specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Uncaught Exception

EUVDB-ID: #VU97298

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-33848

CWE-ID: CWE-248 - Uncaught Exception

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A local user can perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper access control

EUVDB-ID: #VU97297

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-32940

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A remote attacker can send specially crafted packets to the application and perform a denial of service (DoS) attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Untrusted search path

EUVDB-ID: #VU97296

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-34153

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Sensitive cookie with improper SameSite attribute

EUVDB-ID: #VU97987

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4329

CWE-ID: CWE-1275 - Sensitive Cookie with Improper SameSite Attribute

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the web interface does not set the SameSite attribute for the SESSIONID cookie. A remote attacker with the ability to perform an XSS attack can obtain the session identifier of another user.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Inadequate Encryption Strength

EUVDB-ID: #VU97988

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4331

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to usage of an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols. A remote attacker can perform a MitM attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Incorrect default permissions

EUVDB-ID: #VU97990

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4332

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for log files. A local user with access to the system can view the contents of files and directories or modify them.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Inadequate Encryption Strength

EUVDB-ID: #VU97991

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4333

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists because the web interface does not enforce SSL cipher order. A remote attacker can perform a MitM attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Missing Authorization

EUVDB-ID: #VU97992

Risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4334

CWE-ID: CWE-862 - Missing Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization when accessing private files. A remote attacker can request files directly from the server and gain access to sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

EUVDB-ID: #VU97993

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4336

CWE-ID: CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the web interface does not set the Secure attribute for cookies. A remote attacker with the ability to perform an XSS attack can obtain the session identifier of another user.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Session Fixation

EUVDB-ID: #VU97994

Risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4337

CWE-ID: CWE-384 - Session Fixation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to improper session handling of managed servers on Gateway installation. A remote attacker can gain unauthorized access to the system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Configuration

EUVDB-ID: #VU97998

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4338

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The issue may allow a remote attacker to bypass implemented security restrictions.

The issue exists due to a missing X-Content-Type-Options header in the web server configuration. A remote attacker can gain access to potentially sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Information disclosure

EUVDB-ID: #VU97999

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4339

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to exposure of private keys used for CIM stored with insecure file permissions. A remote user can gain unauthorized access to sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Inclusion of Sensitive Information in Log Files

EUVDB-ID: #VU98000

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4340

CWE-ID: CWE-532 - Information Exposure Through Log Files

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because the software stores sensitive information, such as session identifiers, in log files. A local user can read the log files and escalate privileges within the application.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Incorrect default permissions

EUVDB-ID: #VU98001

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4341

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for folders that are set by the WebGUI. A remote user can escalate privileges to root.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Unprotected Transport of Credentials

EUVDB-ID: #VU98002

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4342

CWE-ID: CWE-523 - Unprotected Transport of Credentials

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to a missing strict-transport-security policy. A remote attacker can perform a MitM attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Information disclosure

EUVDB-ID: #VU98003

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4343

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application exposes sensitive password information in the URL, passed as a URL search parameter. A remote attacker can gain access to sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Predictable Seed in Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU98004

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4344

CWE-ID: CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to usage of insufficiently random values caused by improper use of ssl.rnd to set up the CIM connection. A remote attacker can perform a MitM attack.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper Authorization

EUVDB-ID: #VU98005

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2023-4345

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to usage of client-side controls to limit access to sensitive functionality. A remote user can bypass implemented security restrictions and gain access to sensitive information.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

RAID Web Console 3: All versions

External links

http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00926.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
