CVE-2023-4329

9.8 CRITICAL

📋 TL;DR

CVE-2023-4329 is a critical vulnerability in the Broadcom RAID Controller web interface: in the default (HTTP) configuration the SESSIONID cookie is set without the SameSite attribute. Without SameSite, a browser attaches the cookie to requests that originate from other sites, so an attacker who lures a logged-in administrator to a malicious page can issue authenticated requests to the controller in that administrator's session (cross-site request forgery, also called session riding). Organizations that manage affected Broadcom RAID Controllers through the web interface are at risk.

💻 Affected Systems

Products:
  • Broadcom RAID Controller web interface
Versions: Specific versions not detailed in provided references; check Broadcom advisory for exact affected versions.
Operating Systems: Any OS running Broadcom RAID Controller management interface
Default Config Vulnerable: ⚠️ Yes
Notes: The cookie is set without SameSite in the default HTTP configuration. Moving to HTTPS protects the cookie from interception in transit but does not address CSRF: the browser still attaches a SameSite-less cookie to cross-site requests over HTTPS.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full administrative control of the RAID controller through the administrator's browser session: virtual drives deleted or reconfigured, controller settings tampered with, and storage taken offline, with data loss as the result.

🟠

Likely Case

Forged requests in an administrator's authenticated session, allowing unauthorized configuration changes, access to stored data, or denial of service through RAID array manipulation.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, though CSRF remains possible: the forged request is issued by the administrator's own browser from inside the trusted network.

🌐 Internet-Facing: HIGH - An exposed interface can be targeted from any website the administrator visits; the attacker needs only a live administrator session, not network access of their own.
🏢 Internal Only: MEDIUM - Segmentation does not stop the attack, because the administrator's browser carries the forged request into the management network; the attacker must still get the administrator to load malicious content while logged in.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: No public exploit known; generic CSRF techniques apply without controller-specific tooling
Unauthenticated Exploit: ❌ No (the attack rides an authenticated administrator's session)
Complexity: LOW

Exploitation requires the administrator to be logged in and to load attacker-controlled content (for example by following a link) while the session is live. No controller-specific tooling is needed: the CSRF technique is generic and well documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Broadcom advisory for specific patched versions

Vendor Advisory: https://www.broadcom.com/support/resources/product-security-center

Restart Required: Yes

Instructions:

1. Check the Broadcom security advisory for affected versions.
2. Download and apply the firmware/software update from Broadcom support.
3. Restart the RAID controller management services.
4. Verify that the SESSIONID cookie now carries a SameSite attribute.

🔧 Temporary Workarounds

Enable HTTPS Strictly

Force all web interface traffic to HTTPS so the SESSIONID cookie cannot be intercepted in transit. This does not stop CSRF: a browser attaches a cookie that lacks SameSite to cross-site requests over HTTPS as well, so treat HTTPS as a complement to the access controls below, not as a fix.

Configure web server to redirect HTTP to HTTPS
Disable HTTP access entirely

Network Segmentation

Isolate RAID controller management interfaces from untrusted networks

Configure firewall rules to restrict access to management IPs
Use VLANs to separate management traffic

🧯 If You Can't Patch

  • Implement strict access controls allowing only trusted administrators from specific IP addresses
  • Deploy a web application firewall (WAF) in front of the interface that rejects state-changing requests whose Origin or Referer header does not name the management host
  • Have administrators log out when finished and avoid browsing other sites from the same browser profile while logged in; a forged request only succeeds while a session cookie is live

🔍 How to Verify

Check if Vulnerable:

Log in to the web interface with browser developer tools open (Network tab, or the cookie view under Application/Storage) and inspect the Set-Cookie response header or the stored SESSIONID cookie. If the SameSite attribute is absent, the interface is vulnerable. Equivalently, capture the Set-Cookie header of the login page with curl -i.

Check Version:

Check web interface login page or use Broadcom management CLI commands specific to your controller model

Verify Fix Applied:

Verify that the SESSIONID cookie now includes SameSite=Strict or SameSite=Lax. SameSite=None does not fix the issue, since it explicitly allows the cookie on cross-site requests. Secure and HttpOnly should also be present.
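The two checks above (is SameSite missing before the update, is it set to Strict or Lax afterwards) can be scripted. The following is an added example written for this page, not Broadcom code: it parses Set-Cookie headers and reports whether the SESSIONID cookie is exposed to CSRF. The header samples are constructed; the host, path and certificate handling in the live-check helper are assumptions to adapt to your controller.

```python
"""Audit the SESSIONID cookie a RAID controller web interface sets.

Added example for this page; not Broadcom code. Host, path and header samples
are assumptions/constructed data.
"""
import ssl
from http.client import HTTPConnection, HTTPSConnection
from typing import Dict, List, Optional

# CONSTRUCTED Set-Cookie headers, not captured from a real controller. The first
# models the vulnerable default described on this page, the second a fixed
# interface that also sets Secure and HttpOnly.
VULNERABLE_HEADERS = ["SESSIONID=1a2b3c4d5e6f; Path=/"]
FIXED_HEADERS = ["SESSIONID=1a2b3c4d5e6f; Path=/; Secure; HttpOnly; SameSite=Strict"]


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie value into its name/value pair and attributes.

    Attribute names are lower-cased; valueless flags (Secure, HttpOnly) map to "".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip()}
    for attr in parts[1:]:
        if attr:
            key, _, val = attr.partition("=")
            cookie[key.strip().lower()] = val.strip()
    return cookie


def audit_session_cookie(set_cookie_headers: List[str],
                         cookie_name: str = "SESSIONID") -> Dict[str, object]:
    """Report the hardening attributes of cookie_name across a response's Set-Cookie headers.

    "samesite" is None when the attribute is absent (the CVE-2023-4329 condition).
    An empty or unrecognised value is also treated as absent, because browsers do
    not agree on how to handle it.
    """
    for header in set_cookie_headers:
        cookie = parse_set_cookie(header)
        if cookie["name"].lower() != cookie_name.lower():
            continue
        raw = cookie.get("samesite", "").lower()
        samesite = raw.capitalize() if raw in ("strict", "lax", "none") else None
        return {
            "found": True,
            "samesite": samesite,
            "secure": "secure" in cookie,
            "httponly": "httponly" in cookie,
            # Absent/invalid SameSite or SameSite=None: the browser attaches the
            # cookie to cross-site requests, so forged administrator requests succeed.
            "csrf_exposed": samesite in (None, "None"),
        }
    return {"found": False}


def fetch_set_cookie(host: str, path: str = "/", port: Optional[int] = None,
                     tls: bool = False, verify_tls: bool = True,
                     timeout: float = 5.0) -> List[str]:
    """Request the login page and return every Set-Cookie header (live check).

    Controllers commonly use self-signed certificates; pass verify_tls=False to
    inspect such a host, accepting that the connection is then unverified.
    """
    if tls:
        context = ssl.create_default_context()
        if not verify_tls:
            context.check_hostname = False
            context.verify_mode = ssl.CERT_NONE
        conn = HTTPSConnection(host, port or 443, timeout=timeout, context=context)
    else:
        conn = HTTPConnection(host, port or 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "cookie-audit/1.0"})
        resp = conn.getresponse()
        return [v for k, v in resp.getheaders() if k.lower() == "set-cookie"]
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    if len(sys.argv) >= 2:  # e.g. python audit.py raid-mgmt.example.internal /login
        host = sys.argv[1]
        path = sys.argv[2] if len(sys.argv) > 2 else "/"
        headers = fetch_set_cookie(host, path, tls=True, verify_tls=False)
    else:
        headers = VULNERABLE_HEADERS  # offline demo on the constructed sample
    print(audit_session_cookie(headers))
```

Run it with no arguments to see the verdict on the constructed vulnerable sample, or pass the controller's hostname (and login path) to audit a live interface; a result with "csrf_exposed": True before the update and "samesite": "Strict" or "Lax" afterwards confirms the fix took effect.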

📡 Detection & Monitoring

Log Indicators:

  • Configuration changes recorded in an administrator's session that the administrator did not initiate
  • Multiple failed login attempts from unusual IPs (a general indicator of interest in the interface, not specific to CSRF)
  • CSRF token or Origin/Referer check failures, where the updated interface logs them

Network Indicators:

  • State-changing requests (POST/PUT/DELETE) to the management interface whose Referer or Origin header names a site other than the controller, or carries Origin: null
  • A valid SESSIONID reused from a source IP other than the one that authenticated it

SIEM Query:

source="raid-controller-logs" AND (event="configuration_change" OR event="authentication_failure") | stats count by src_ip
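The network indicator above (a state-changing request whose Origin or Referer points off-host) can be checked offline against the interface's access logs. The following is an added example for this page, not a Broadcom tool or log format: it assumes an Apache/nginx-style combined log line with the Origin header appended as a final quoted field, and the management hostnames are placeholders. The log lines are constructed to show one legitimate change, one cross-site change and one with a null Origin.

```python
"""Flag state-changing management requests whose Origin/Referer is off-host.

Added example for this page, not Broadcom code. Log format, hostnames and
sample lines are assumptions/constructed data.
"""
import re
from typing import Dict, List, Optional, Set
from urllib.parse import urlsplit

# ASSUMED log format: combined log format plus a trailing quoted Origin field.
# The controller's real format is not documented on this page; adapt the regex.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<origin>[^"]*)"$'
)

# ASSUMED names/addresses under which administrators reach the interface.
MANAGEMENT_HOSTS: Set[str] = {"raid-mgmt.example.internal", "10.0.5.20"}
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# CONSTRUCTED sample log, not from a real controller.
SAMPLE_LOG = """\
10.0.5.7 - admin [12/Sep/2023:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0" "-"
10.0.5.7 - admin [12/Sep/2023:10:01:30 +0000] "POST /api/vd/create HTTP/1.1" 200 88 "https://raid-mgmt.example.internal/vd" "Mozilla/5.0" "https://raid-mgmt.example.internal"
10.0.5.7 - admin [12/Sep/2023:10:07:44 +0000] "POST /api/vd/delete HTTP/1.1" 200 74 "https://evil.example.net/page.html" "Mozilla/5.0" "https://evil.example.net"
10.0.5.7 - admin [12/Sep/2023:10:07:45 +0000] "POST /api/config/alerts HTTP/1.1" 200 60 "-" "Mozilla/5.0" "null"
10.0.5.9 - - [12/Sep/2023:10:09:00 +0000] "GET /status HTTP/1.1" 200 2048 "https://evil.example.net/" "Mozilla/5.0" "-"
"""


def request_source(origin: str, referer: str) -> Optional[str]:
    """Best-effort originating host of a request.

    Prefers the Origin header (browsers send it on cross-site POSTs), falls back
    to Referer. Returns "null" for a literal null Origin and None if neither is set.
    """
    if origin and origin != "-":
        return "null" if origin == "null" else urlsplit(origin).hostname
    if referer and referer != "-":
        return urlsplit(referer).hostname
    return None


def find_csrf_candidates(log_text: str,
                         mgmt_hosts: Set[str] = MANAGEMENT_HOSTS) -> List[Dict[str, str]]:
    """Return state-changing requests whose source is off-host or a null Origin.

    GETs are ignored (they should not change state), as are requests with neither
    header: scripted API clients often send none, so tune that case per environment.
    """
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match or match["method"] not in STATE_CHANGING:
            continue
        source = request_source(match["origin"], match["referer"])
        if source is None or source in mgmt_hosts:
            continue
        findings.append({
            "src_ip": match["src"],
            "user": match["user"],
            "ts": match["ts"],
            "path": match["path"],
            "source": source,
            "reason": "null_origin" if source == "null" else "cross_site",
        })
    return findings


if __name__ == "__main__":
    for finding in find_csrf_candidates(SAMPLE_LOG):
        print(finding)
```

On the constructed sample this reports the delete issued from evil.example.net and the alert-configuration change with a null Origin, and stays silent on the legitimate create and on the GETs. Feed it real access logs (after adjusting LOG_RE) and correlate the flagged sessions with the configuration-change events the SIEM query above counts.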
