CVE-2023-28006

7.0 HIGH

📋 TL;DR

This vulnerability stems from HCL OSD Bare Metal Server's use of weak cryptographic algorithms, potentially allowing attackers to decrypt sensitive data or bypass security controls. Organizations running affected HCL OSD Bare Metal Server versions are impacted.

💻 Affected Systems

Products:
  • HCL OSD Bare Metal Server
Versions: Specific versions not detailed in provided references; check vendor advisory for exact affected versions
Operating Systems: Not specified, likely multiple
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in cryptographic implementation; all configurations using affected algorithms are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of encrypted data, including credentials, sensitive communications, and stored secrets, leading to full system takeover.

🟠 Likely Case

Attackers decrypt intercepted communications or stored data, gaining unauthorized access to sensitive information.

🟢 If Mitigated

Limited data exposure if strong network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires cryptographic analysis and access to encrypted data; no public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0105601

Restart Required: Yes

Instructions:

1. Review the vendor advisory for affected versions.
2. Apply the recommended patch or upgrade to a fixed version.
3. Restart the OSD Bare Metal Server service.
4. Verify that the cryptographic algorithms in use have been updated.

🔧 Temporary Workarounds

Disable Weak Cryptographic Algorithms

all

Configure the server to use only strong, modern cryptographic algorithms (e.g., AES-256, SHA-256) and disable deprecated ones.

Specific commands depend on server configuration; consult vendor documentation for algorithm configuration.

🧯 If You Can't Patch

  • Implement network segmentation to isolate affected servers from untrusted networks.
  • Monitor for unusual cryptographic-related activity and implement strict access controls.

🔍 How to Verify

Check if Vulnerable:

Check server configuration for use of weak cryptographic algorithms (e.g., DES, RC4, MD5) via vendor-specific tools or configuration files.

Check Version:

Consult vendor documentation for version check command specific to OSD Bare Metal Server.

Verify Fix Applied:

Verify that cryptographic algorithms in use are strong (e.g., AES-256, SHA-256) and match vendor recommendations post-patch.

📡 Detection & Monitoring

Log Indicators:

  • Failed cryptographic operations, unusual algorithm usage, or security alerts related to weak ciphers.

Network Indicators:

  • Traffic using deprecated cryptographic protocols or ciphers.

SIEM Query:

Search for events related to cryptographic algorithm changes or weak cipher usage in server logs.
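As an added example (not part of this advisory or HCL's tooling), the weak-cipher check above can be applied to handshake logs before a SIEM rule exists. The log lines are constructed for this example and the `proto=`/`cipher=` field layout is an assumption; adapt the regular expression to the server's actual log format.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines (not from HCL OSD or the advisory); the
# "proto=" / "cipher=" field layout is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z osd-bm-01 tls handshake client=10.0.0.5 proto=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384
2024-05-01T10:00:07Z osd-bm-01 tls handshake client=10.0.0.9 proto=TLSv1.0 cipher=RC4-MD5
2024-05-01T10:00:12Z osd-bm-01 tls handshake client=10.0.0.9 proto=TLSv1.2 cipher=DES-CBC3-SHA
2024-05-01T10:00:20Z osd-bm-01 tls handshake client=10.0.0.7 proto=TLSv1.3 cipher=TLS_AES_256_GCM_SHA256
"""

# Algorithm tokens and protocol versions considered weak or deprecated.
WEAK_TOKENS = ("RC4", "DES", "3DES", "MD5", "NULL", "EXPORT", "RC2")
WEAK_PROTOS = ("SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1")
LINE_RE = re.compile(r"client=(?P<client>\S+)\s+proto=(?P<proto>\S+)\s+cipher=(?P<cipher>\S+)")

@dataclass
class Finding:
    client: str
    proto: str
    cipher: str
    reasons: tuple

def weak_reasons(proto, cipher):
    """Return the reasons a handshake is weak; empty tuple if it is acceptable."""
    reasons = []
    if proto in WEAK_PROTOS:
        reasons.append(f"deprecated protocol {proto}")
    # Split on '-' and '_' so "DES-CBC3-SHA" matches "DES" while "AES256" does not.
    parts = set(re.split(r"[-_]", cipher.upper()))
    for tok in WEAK_TOKENS:
        if tok in parts:
            reasons.append(f"weak algorithm {tok}")
    return tuple(reasons)

def find_weak_handshakes(log_text):
    """Parse handshake lines and return a Finding for each weak negotiation."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not handshake records
        reasons = weak_reasons(m["proto"], m["cipher"])
        if reasons:
            findings.append(Finding(m["client"], m["proto"], m["cipher"], reasons))
    return findings

if __name__ == "__main__":
    for f in find_weak_handshakes(SAMPLE_LOG):
        print(f"{f.client} {f.proto} {f.cipher}: {', '.join(f.reasons)}")
```

Repeated findings from the same client, or any finding after the patch is applied, indicate a client or configuration that still negotiates deprecated algorithms and should be investigated.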

🔗 References