CVE-2023-4336

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 15, 2023
Updated: Aug 21, 2023
CWE ID 787

Summary

CVE-2023-4336 is a vulnerability affecting Broadcom RAID Controller web interfaces. The issue arises due to an insecure default HTTP configuration that fails to safeguard cookies with the Secure attribute. An attacker can potentially steal sensitive information, such as login credentials, by intercepting and decoding these cookies over unsecured connections. To mitigate this risk, it is recommended that users update their RAID controller firmware to the latest version, which includes a fix for this vulnerability. Additionally, it is essential to configure the web interface to use secure HTTPS connections and properly set cookie security options.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share