CVE-2023-4325

9.8 CRITICAL

📋 TL;DR

This vulnerability affects Broadcom RAID Controller web interfaces that use a vulnerable version of the Libcurl library. Attackers could potentially execute arbitrary code or cause a denial of service on affected systems. Organizations using Broadcom RAID Controllers with web management interfaces enabled are at risk.

💻 Affected Systems

Products:
  • Broadcom RAID Controller with web management interface
Versions: Specific versions not detailed in provided references; consult Broadcom advisory for exact affected versions.
Operating Systems: Various - depends on RAID controller platform
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with web management interface enabled and using vulnerable Libcurl library versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment on the RAID controller system.

🟠 Likely Case

Denial of service affecting RAID controller management capabilities, potentially disrupting storage operations.

🟢 If Mitigated

Limited impact if the web interface is isolated from production networks and access is restricted.

🌐 Internet-Facing: HIGH - Web interfaces exposed to the internet could be directly exploited by remote attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Based on the CVSS 9.8 score, exploitation likely requires minimal complexity. Libcurl vulnerabilities are often easily exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Broadcom advisory for specific patched versions

Vendor Advisory: https://www.broadcom.com/support/resources/product-security-center

Restart Required: Yes

Instructions:

1. Access the Broadcom product security center
2. Identify your specific RAID controller model
3. Download and apply the firmware update
4. Restart the RAID controller system

🔧 Temporary Workarounds

Disable web management interface (applies to: all)

Temporarily disable the vulnerable web interface until patching can be completed. Specific commands vary by RAID controller model; consult the documentation.

Network isolation (applies to: all)

Restrict network access to the RAID controller management interface. Use firewall rules to block external access to management ports.

🧯 If You Can't Patch

  • Isolate the RAID controller management network from production and internet access
  • Implement strict access controls and monitoring for management interface traffic

🔍 How to Verify

Check if Vulnerable:

Check RAID controller firmware version against Broadcom's advisory. Verify Libcurl version if accessible.

Check Version:

Varies by RAID controller model - typically accessible via web interface or CLI management tools

Verify Fix Applied:

Confirm firmware version matches patched version from Broadcom advisory. Test web interface functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication attempts to RAID controller web interface
  • Unexpected firmware or configuration changes
  • Web interface crash or restart logs

Network Indicators:

  • Unusual traffic patterns to RAID controller management ports
  • Exploit kit traffic patterns targeting Libcurl vulnerabilities

SIEM Query:

source="raid-controller-logs" AND (event="authentication_failure" OR event="firmware_change" OR event="web_interface_error")

🔗 References