CVE-2023-4329

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Aug 15, 2023
Updated: Aug 21, 2023
CWE ID: 924

Summary

CVE-2023-4329 is a vulnerability in the web interface of Broadcom RAID Controllers. The insecure default HTTP configuration issues the SESSIONID cookie without the SameSite attribute, so the browser may attach it to requests initiated by other origins. This exposes the interface to cross-site request forgery (CSRF): a malicious website visited by an authenticated user can cause the browser to send requests to the vulnerable application, allowing unauthorized modifications within that user's session. Users are advised to apply the latest patches to their RAID controllers to mitigate this risk.
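The following is an added example, not part of this CVE record or of the vendor's code: a small audit routine that parses Set-Cookie header values and reports the missing SameSite attribute the advisory describes (plus the related Secure and HttpOnly flags). The two header strings are constructed samples, not captures from a real controller.

```python
"""Audit Set-Cookie headers for the weakness behind CVE-2023-4329."""
from typing import Dict, List

# Constructed samples (not real controller output): the weak default beside a hardened form.
WEAK_SET_COOKIE = "SESSIONID=abc123; Path=/; HttpOnly"
HARDENED_SET_COOKIE = "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Strict"


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split a Set-Cookie value into its name/value pair and attributes.

    Attribute names are case-insensitive (RFC 6265), so they are lowercased;
    flag attributes such as HttpOnly and Secure map to an empty string.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_cookie(header: str) -> List[str]:
    """Return findings for one Set-Cookie header.

    An absent SameSite attribute is the CVE-2023-4329 condition: the browser
    then applies its own default, and cross-site requests may still carry the
    session cookie, which is what enables the CSRF described in the advisory.
    """
    c = parse_set_cookie(header)
    findings: List[str] = []
    samesite = c.get("samesite")
    if samesite is None:
        findings.append("SameSite attribute missing; browser-dependent default applies")
    elif samesite.lower() == "none" and "secure" not in c:
        findings.append("SameSite=None requires the Secure attribute")
    if "secure" not in c:
        findings.append("Secure attribute missing; cookie may be sent over plain HTTP")
    if "httponly" not in c:
        findings.append("HttpOnly attribute missing; cookie readable from page script")
    return findings


if __name__ == "__main__":
    for label, hdr in (("weak", WEAK_SET_COOKIE), ("hardened", HARDENED_SET_COOKIE)):
        print(label, audit_cookie(hdr) or ["no findings"])
```

The routine can be pointed at the Set-Cookie lines of any HTTP response to confirm whether a deployed controller (or any other web application) still issues its session cookie without SameSite after patching.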

