CVE-2023-45084

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.7 / Impact : 5.8

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://advisories.softiron.cloud	Release Notes
https://advisories.softiron.cloud	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:26

Type	Values Removed	Values Added
References	~~() https://advisories.softiron.cloud - Release Notes~~	() https://advisories.softiron.cloud - Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 7.0

12 Dec 2023, 16:41

Type	Values Removed	Values Added
CWE		CWE-662
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
First Time		Softiron Softiron hypercloud
CPE		cpe:2.3:a:softiron:hypercloud::::::::
References	~~() https://advisories.softiron.cloud -~~	() https://advisories.softiron.cloud - Release Notes

05 Dec 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-05 17:15

Updated : 2024-11-21 08:26

NVD link : CVE-2023-45084

Mitre link : CVE-2023-45084

CVE.ORG link : CVE-2023-45084

JSON object : View

Products Affected

softiron

hypercloud

CWE

CWE-820

Missing Synchronization

CWE-662

Improper Synchronization

{"id": "CVE-2023-45084", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "0a72a055-908d-47f5-a16a-1f09049c16c6", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2023-12-05T17:15:08.183", "references": [{"url": "https://advisories.softiron.cloud", "tags": ["Release Notes"], "source": "0a72a055-908d-47f5-a16a-1f09049c16c6"}, {"url": "https://advisories.softiron.cloud", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "0a72a055-908d-47f5-a16a-1f09049c16c6", "description": [{"lang": "en", "value": "CWE-820"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-662"}]}], "descriptions": [{"lang": "en", "value": "An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.\n\nThis issue only impacts SoftIron HyperCloud \"density\" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.\n\n"}, {"lang": "es", "value": "Existe un problema en SoftIron HyperCloud donde la extracci\u00f3n y reinserci\u00f3n del drive caddy sin reiniciar puede hacer que el sistema reconozca err\u00f3neamente el caddy como un medio nuevo y borre todos los datos de las unidades debido a una falla de sincronizaci\u00f3n faltante, lo que afecta la disponibilidad e integridad de los datos. Este problema solo afecta a los nodos de almacenamiento de \"density\" de SoftIron HyperCloud que ejecutan el software HyperCloud desde la versi\u00f3n 1.0 hasta la 2.0.3 anterior."}], "lastModified": "2024-11-21T08:26:21.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E1D94F5-3EE0-4D00-BF00-C08BB922F813", "versionEndExcluding": "2.0.3", "versionStartIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6"}