CVE-2024-39723

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/295935	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7159333	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/295935	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/7159333	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*

History

21 Nov 2024, 09:28

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7159333 - Vendor Advisory~~	() https://www.ibm.com/support/pages/node/7159333 - Vendor Advisory

11 Jul 2024, 14:54

Type	Values Removed	Values Added
CWE		CWE-287
First Time		Ibm storage Virtualize Ibm
CPE		cpe:2.3:a:ibm:storage_virtualize:8.6:::::::*
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/7159333 -~~	() https://www.ibm.com/support/pages/node/7159333 - Vendor Advisory

08 Jul 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-08 01:15

Updated : 2024-11-21 09:28

NVD link : CVE-2024-39723

Mitre link : CVE-2024-39723

CVE.ORG link : CVE-2024-39723

JSON object : View

Products Affected

ibm

storage_virtualize

CWE

CWE-1299

Missing Protection Mechanism for Alternate Hardware Interface

CWE-287

Improper Authentication

{"id": "CVE-2024-39723", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2024-07-08T01:15:12.283", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7159333", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7159333", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-1299"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935."}, {"lang": "es", "value": " Los puertos USB de IBM FlashSystem 5300 se pueden utilizar incluso si el administrador ha desactivado el puerto. Un usuario con acceso f\u00edsico al sistema podr\u00eda utilizar el puerto USB para provocar la p\u00e9rdida de acceso a los datos. ID de IBM X-Force: 295935."}], "lastModified": "2024-11-21T09:28:17.990", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}