#VU94638 Improper Authentication in Storage Virtualize - CVE-2024-39723

Cybersecurity Help s.r.o.

Published: 2024-07-22

Vulnerability identifier: #VU94638

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39723

CWE-ID: CWE-287

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Storage Virtualize
Other software / Other software solutions

Vendor: IBM Corporation

Description

The vulnerability allows a user with physical access to the system to bypass authentication process.

The vulnerability exists due to IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled. A user with physical access to the system can use the USB port to cause loss of access to data.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Storage Virtualize: before 8.7.0.0

External links
https://www.ibm.com/support/pages/node/7159333
https://exchange.xforce.ibmcloud.com/vulnerabilities/295935

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper authentication in IBM FlashSystem 5300