SB2024100316 - Multiple vulnerabilities in Intel RAID Web Console software
Published: October 3, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 30 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2024-34543)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A local user can escalate privileges on the system.
2) Incorrect default permissions (CVE-ID: CVE-2023-4328)
The vulnerability allows a local user to gain access to sensitive information.
3) Incorrect default permissions (CVE-ID: CVE-2023-4327)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incorrect default permissions. A local user with access to the system can obtain keys used for encryption.
4) Configuration (CVE-ID: CVE-2023-4326)
The issue may allow a remote attacker to perform MitM attack.
The issue exists due to presence of an insecure default TLS configuration. A remote attacker can perform MitM attack.
5) Dependency on vulnerable third-party component (CVE-ID: CVE-2023-4325)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to usage of a vulnerable libcurl library. A remote attacker can bypass implemented security restrictions.
6) Protection Mechanism Failure (CVE-ID: CVE-2023-4324)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing HTTP Content-Security-Policy header. A remote attacker can bypass implemented security restrictions and perform XSS or spoofing attacks.
7) Insufficient Session Expiration (CVE-ID: CVE-2023-4323)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.
8) Improper access control (CVE-ID: CVE-2024-28170)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information.
9) Improper access control (CVE-ID: CVE-2024-36261)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.
10) Improper access control (CVE-ID: CVE-2024-36247)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2024-32666)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote user can send specially crafted input to the application and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2024-34545)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated user can send specially crafted input to the application and perform a denial of service (DoS) attack.
13) Uncaught Exception (CVE-ID: CVE-2024-33848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling. A local user can perform a denial of service (DoS) attack.
14) Improper access control (CVE-ID: CVE-2024-32940)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A remote attacker can send specially crafted packets to the application and perform a denial of service (DoS) attack.
15) Untrusted search path (CVE-ID: CVE-2024-34153)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
16) Sensitive cookie with improper SameSite attribute (CVE-ID: CVE-2023-4329)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the web interface does not set the SameSite attribute for the SESSIONID cookie. A remote attacker with ability to perform XSS attack can obtain session identifier of another user.
17) Inadequate Encryption Strength (CVE-ID: CVE-2023-4331)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of an insecure default TLS configuration that support obsolete and vulnerable TLS protocols. A remote attacker can perform MitM attack.
18) Incorrect default permissions (CVE-ID: CVE-2023-4332)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for log files. A local user with access to the system can view contents of files and directories or modify them.
19) Inadequate Encryption Strength (CVE-ID: CVE-2023-4333)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to the web interface does not enforce SSL cipher order. A remote attacker can perform MitM attack.
20) Missing Authorization (CVE-ID: CVE-2023-4334)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to missing authorization when accessing private files. A remote attacker can request files directly from the server and gain access to sensitive information.
21) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-ID: CVE-2023-4336)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the web interface does not set the Secure attribute for cookies. A remote attacker with ability to perform XSS attack can obtain session identifier of another user.22) Session Fixation (CVE-ID: CVE-2023-4337)
The vulnerability allows a remote attacker to gain unauthorized access to the system.
The vulnerability exists due to improper session handling of managed servers on Gateway installation. A remote attacker can gain unauthorized access to the system.
23) Configuration (CVE-ID: CVE-2023-4338)
The issue may allow a remote attacker to bypass implemented security restrictions.
The issue exists due a missing X-Content-Type-Options header in the web server configuration. A remote attacker can gain access to potentially sensitive information.
24) Information disclosure (CVE-ID: CVE-2023-4339)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to exposure of private keys used for CIM stored with insecure file permissions. A remote user can gain unauthorized access to sensitive information.
25) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-4340)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files, such as session identifiers. A local user can read the log files and escalate privileges within the application.
26) Incorrect default permissions (CVE-ID: CVE-2023-4341)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for folders that are set by the WebGUI. A remote user can escalate privileges to root.
27) Unprotected Transport of Credentials (CVE-ID: CVE-2023-4342)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a missing strict-transport-security policy. A remote attacker can perform MitM attack.
28) Information disclosure (CVE-ID: CVE-2023-4343)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application exposes sensitive password information in the URL passed as URL search parameter. A remote attacker can gain access to sensitive information.
29) Predictable Seed in Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2023-4344)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to usage of insufficiently random values cause by improper use of ssl.rnd to setup CIM connection. A remote attacker can perform MitM attack.
30) Improper Authorization (CVE-ID: CVE-2023-4345)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to usage of client-side controls to limit access to sensitive functionality. A remote user can bypass implemented security restriction and gain access to sensitive information.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.