CVE-2024-39723

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/295935	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7159333	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-08 01:15

Updated : 2024-07-11 14:54

NVD link : CVE-2024-39723

Mitre link : CVE-2024-39723

CVE.ORG link : CVE-2024-39723

JSON object : View

Products Affected

ibm

storage_virtualize

CWE

CWE-287

Improper Authentication

CWE-1299

Missing Protection Mechanism for Alternate Hardware Interface

{"id": "CVE-2024-39723", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2024-07-08T01:15:12.283", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7159333", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-1299"}]}], "descriptions": [{"lang": "en", "value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."}, {"lang": "es", "value": " Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso f\u00edsico al sistema podr\u00eda utilizar el puerto USB para provocar la p\u00e9rdida de acceso a los datos. ID de IBM X-Force: 295935."}], "lastModified": "2024-07-11T14:54:10.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}