CVE-2023-4323

9.8 CRITICAL

📋 TL;DR

CVE-2023-4323 is a critical (9.8) improper session management vulnerability in the web management interface of Broadcom RAID controllers. An attacker who can reach the interface and obtain or manipulate a session token can take over an active administrator session and use the storage management functions as that administrator. Organizations running Broadcom RAID controllers with the web management interface enabled are affected.

💻 Affected Systems

Products:
  • Broadcom RAID Controllers with web management interface
Versions: Not detailed in the references available on this page; consult the Broadcom advisory for the exact affected firmware and management software versions
Operating Systems: All operating systems using affected Broadcom RAID Controllers
Default Config Vulnerable: ⚠️ Yes (where the web management interface is enabled)
Notes: The flaw is in the web interface's session handling. A controller whose web interface is disabled or unreachable is not exposed through this path; confirm the affected versions against the vendor advisory.

📦 What is this software?

Broadcom RAID controllers are hardware RAID adapters used in servers to build and manage disk arrays. Administrators configure arrays, monitor drive health and update firmware through Broadcom's command-line tools or, optionally, a web-based management interface. This vulnerability concerns the session handling of that web interface, not the RAID firmware's data path.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the storage infrastructure: an attacker holding a hijacked administrative session can read or exfiltrate data, deploy ransomware, or delete or reconfigure RAID arrays, causing data loss and extended downtime.

🟠 Likely Case

Unauthorized administrative access to storage systems, unauthorized configuration changes, potential access to data on the arrays, and disruption of storage operations.

🟢 If Mitigated

Limited impact where the management interface is segmented, authentication is strong and sessions are monitored; session hijacking remains possible from a position inside the management network, so segmentation reduces exposure rather than removing the flaw.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No (none known at time of writing)
Weaponized: Unknown
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires network access to the web management interface and a way to obtain or manipulate a valid session, for example by intercepting management traffic or replaying a captured session token.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check the Broadcom advisory for the specific patched versions

Vendor Advisory: https://www.broadcom.com/support/resources/product-security-center

Restart Required: Yes

Instructions:

1. Check the Broadcom advisory for affected products and available patches.
2. Download the appropriate firmware or management software update from Broadcom support.
3. Apply the update following Broadcom's documentation.
4. Restart affected systems as required.

🔧 Temporary Workarounds

Disable Web Interface (applies to: all platforms)

Disable the vulnerable web management interface if it is not required for operations.

Consult Broadcom documentation for how to disable the web interface on specific controller models.

Network Segmentation (applies to: all platforms)

Restrict access to RAID controller management interfaces to trusted administrative networks only.

Configure firewall rules to block external access to the RAID controller management ports.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RAID controller management interfaces from untrusted networks
  • Enforce strong authentication, set short session timeouts, and terminate idle administrative sessions

🔍 How to Verify

Check if Vulnerable:

Compare your controller models and firmware/management software versions against the affected list in the Broadcom advisory, and check whether the web management interface is enabled on each controller.

Check Version:

Read the firmware and management software version through the RAID controller management interface or the Broadcom command-line tools for the controller.

Verify Fix Applied:

Confirm the installed firmware/management software version is at or above the patched version named in the Broadcom advisory, then test session behaviour on the web interface (for example, that a logged-out or expired session token is rejected and that idle sessions time out).
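As an added example (not from this page or from Broadcom), the check below compares the firmware package version a controller reports against the patched version an operator has copied from the Broadcom advisory, and folds in the exposure caveat from the Notes above. The sample output is constructed to resemble `Key = Value` lines from a Broadcom CLI query; the field names, version numbers and the patched version passed in are placeholders, not real affected or fixed versions.

```python
"""Added example: firmware version check for a RAID controller.

Assumptions (not from the page or vendor): the CLI prints 'Key = Value'
lines, the field of interest is 'FW Package Build', and the patched version
is supplied by the operator from the vendor advisory.
"""
import re
from typing import Dict, Tuple

# Constructed sample output; values are illustrative placeholders.
SAMPLE_CONTROLLER_OUTPUT = """\
Controller = 0
Product Name = Example RAID Controller
FW Package Build = 24.21.0-0174
Firmware Version = 4.680.00-8519
"""


def parse_kv(text: str) -> Dict[str, str]:
    """Parse 'Key = Value' lines into a dict, ignoring anything else."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '24.21.0-0174' into (24, 21, 0, 174) for numeric comparison.

    Plain string comparison would rank '9.0.0' above '10.0.0', so every
    run of digits is compared as an integer instead.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_patched(reported: str, patched: str) -> bool:
    """True when the reported version is at or above the patched version."""
    return version_key(reported) >= version_key(patched)


def assess(output: str, patched_fw_package: str, web_interface_enabled: bool) -> str:
    """Classify a controller from its CLI output and web-interface state."""
    fields = parse_kv(output)
    reported = fields.get("FW Package Build")
    if reported is None:
        return "unknown: firmware package not found in output"
    if is_patched(reported, patched_fw_package):
        return "patched"
    if not web_interface_enabled:
        # Firmware is old, but this CVE's attack surface is the web interface.
        return "vulnerable firmware, but web interface disabled: not exposed"
    return "vulnerable: update firmware or disable/isolate the web interface"


if __name__ == "__main__":
    # Placeholder patched version; take the real one from the Broadcom advisory.
    print(assess(SAMPLE_CONTROLLER_OUTPUT, "24.21.0-0180", web_interface_enabled=True))
```

Feed it the captured CLI output per controller and the patched version string from the advisory; the `web_interface_enabled` flag has to come from your own inventory, since firmware version alone does not tell you whether the vulnerable interface is reachable.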

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts against the web management interface
  • The same session identifier used from more than one source address, or a session continuing after its owner logged out
  • Configuration changes originating from addresses outside the administrative network

Network Indicators:

  • Connection attempts to RAID controller management ports from outside the administrative network
  • Unexpected traffic volumes or unfamiliar clients talking to management interfaces

SIEM Query:

The following is a pseudo-query; field names and event names depend on the log source, so map them to what your controller's web interface and firewalls actually emit.

dest_ip="<RAID_CONTROLLER_MGMT_IP>" AND (
  (event="login_fail" AND count(src_ip) >= 5 within 5m)
  OR (src_ip NOT IN <ADMIN_SUBNET>)
  OR (session_id=* AND distinct_count(src_ip) BY session_id > 1)
)
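The detection logic behind the indicators above, run over constructed log lines, as an added example (not from this page or from Broadcom). The log format, the field names and the administrative subnet are assumptions; a real Broadcom web interface will log differently, so only the parser would need adapting, not the rules.

```python
"""Added example: detection rules for the indicators listed above.

Assumed log line format (constructed, not any vendor's real format):
    <timestamp> <src_ip> <event> key=value ...
Assumed trusted admin subnet: 10.10.0.0/24.
"""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List, Set, Tuple

ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")  # assumption: management subnet
FAILED_LOGIN_THRESHOLD = 5

# Constructed sample log: an admin session AB12 is later reused from a
# second address, a burst of failed logins arrives from an outside host,
# and an ops session CD34 behaves normally.
SAMPLE_LOG = """\
2023-09-01T10:00:01Z 10.10.0.5 login_ok user=admin sid=AB12
2023-09-01T10:00:30Z 10.10.0.5 request user=admin sid=AB12 path=/config
2023-09-01T10:01:02Z 192.168.50.9 request user=admin sid=AB12 path=/config
2023-09-01T10:01:03Z 192.168.50.9 config_change user=admin sid=AB12 path=/raid/delete
2023-09-01T10:02:00Z 203.0.113.7 login_fail user=root
2023-09-01T10:02:01Z 203.0.113.7 login_fail user=admin
2023-09-01T10:02:02Z 203.0.113.7 login_fail user=admin
2023-09-01T10:02:03Z 203.0.113.7 login_fail user=admin
2023-09-01T10:02:04Z 203.0.113.7 login_fail user=admin
2023-09-01T10:03:00Z 10.10.0.7 login_ok user=ops sid=CD34
2023-09-01T10:03:10Z 10.10.0.7 config_change user=ops sid=CD34 path=/raid/rebuild
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into timestamp, source IP, event and key=value attributes."""
    parts = line.split()
    attrs = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {"ts": parts[0], "src_ip": parts[1], "event": parts[2], **attrs}


def outside_admin_net(ip: str, admin_net=ADMIN_NET) -> bool:
    return ipaddress.ip_address(ip) not in admin_net


def analyze(log_text: str, admin_net=ADMIN_NET, threshold: int = FAILED_LOGIN_THRESHOLD) -> List[Tuple]:
    """Return alert tuples for the indicators above: session reuse across
    addresses, access from outside the admin subnet, failed-login bursts,
    and configuration changes from unexpected sources."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts: List[Tuple] = []

    # 1. Session hijack indicator: one session id seen from several addresses.
    sid_ips: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if "sid" in e:
            sid_ips[e["sid"]].add(e["src_ip"])
    for sid, ips in sid_ips.items():
        if len(ips) > 1:
            alerts.append(("session_reuse", sid, tuple(sorted(ips))))

    # 2. Any client outside the administrative network touching the interface.
    for ip in sorted({e["src_ip"] for e in events if outside_admin_net(e["src_ip"], admin_net)}):
        alerts.append(("outside_admin_net", ip))

    # 3. Failed-login bursts per source address.
    fails = Counter(e["src_ip"] for e in events if e["event"] == "login_fail")
    for ip, n in fails.items():
        if n >= threshold:
            alerts.append(("failed_login_burst", ip, n))

    # 4. Configuration changes from an unexpected (non-admin) source.
    for e in events:
        if e["event"] == "config_change" and outside_admin_net(e["src_ip"], admin_net):
            alerts.append(("config_change_unexpected_source", e["src_ip"], e.get("path")))

    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The session-reuse rule is the one most specific to this CVE: a hijacked session shows up as the same token arriving from a second address, often without any failed login preceding it, so a rule keyed only on authentication failures would miss it.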

🔗 References

  • Broadcom Product Security Center: https://www.broadcom.com/support/resources/product-security-center