#VU85833 Resource exhaustion in Storage Ceph - CVE-2023-46159


Vulnerability identifier: #VU85833

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-46159

CWE-ID: CWE-400

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Storage Ceph
Other software / Other software solutions

Vendor: IBM Corporation

Description

The vulnerability allows a user on an adjacent network to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A user on an adjacent network can trigger resource exhaustion and perform a denial of service (DoS) attack from RGW.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Storage Ceph : before 6.1z2


External links
https://www.ibm.com/support/pages/node/7109101


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

