All the vulnerabilites related to softiron - hypercloud
Vulnerability from fkie_nvd
Published
2023-12-05 17:15
Modified
2024-11-21 08:26
Severity ?
7.0 (High) - CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.
This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 0a72a055-908d-47f5-a16a-1f09049c16c6 | https://advisories.softiron.cloud | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisories.softiron.cloud | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softiron | hypercloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1D94F5-3EE0-4D00-BF00-C08BB922F813",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.\n\nThis issue only impacts SoftIron HyperCloud \"density\" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Existe un problema en SoftIron HyperCloud donde la extracci\u00f3n y reinserci\u00f3n del drive caddy sin reiniciar puede hacer que el sistema reconozca err\u00f3neamente el caddy como un medio nuevo y borre todos los datos de las unidades debido a una falla de sincronizaci\u00f3n faltante, lo que afecta la disponibilidad e integridad de los datos. Este problema solo afecta a los nodos de almacenamiento de \"density\" de SoftIron HyperCloud que ejecutan el software HyperCloud desde la versi\u00f3n 1.0 hasta la 2.0.3 anterior."
}
],
"id": "CVE-2023-45084",
"lastModified": "2024-11-21T08:26:21.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.8,
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-05T17:15:08.183",
"references": [
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"tags": [
"Release Notes"
],
"url": "https://advisories.softiron.cloud"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://advisories.softiron.cloud"
}
],
"sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-820"
}
],
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-662"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-05 17:15
Modified
2024-11-21 08:26
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.
An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding.
This issue affects HyperCloud versions 1.0 to any release before 2.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 0a72a055-908d-47f5-a16a-1f09049c16c6 | https://advisories.softiron.cloud | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisories.softiron.cloud | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softiron | hypercloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "554F36F7-6344-4F7A-A1BE-196927DD04E5",
"versionEndExcluding": "2.1.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.\n\nAn authenticated admin-level user may be able to delete the \"admin\" or \"serveradmin\" users, which prevents authentication from subsequently succeeding.\n\nThis issue affects HyperCloud versions 1.0 to any release before 2.1.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de gesti\u00f3n de privilegios inadecuada en HyperCloud que afectar\u00e1 la capacidad de un usuario para autenticarse en el plano de gesti\u00f3n. Un usuario de nivel de administrador autenticado puede eliminar los usuarios \"admin\" o \"serveadmin\", lo que impide que la autenticaci\u00f3n se realice correctamente posteriormente. Este problema afecta a las versiones 1.0 de HyperCloud hasta cualquier versi\u00f3n anterior a la 2.1."
}
],
"id": "CVE-2023-45083",
"lastModified": "2024-11-21T08:26:21.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6,
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-05T17:15:07.950",
"references": [
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"tags": [
"Release Notes"
],
"url": "https://advisories.softiron.cloud"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://advisories.softiron.cloud"
}
],
"sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-05 17:15
Modified
2024-11-21 08:26
Severity ?
3.2 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.
This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| 0a72a055-908d-47f5-a16a-1f09049c16c6 | https://advisories.softiron.cloud | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisories.softiron.cloud | Release Notes |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| softiron | hypercloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCFF9E8A-301B-4195-B0C7-0A97B7C64DAF",
"versionEndExcluding": "2.0.3",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u00a0 In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\n\nThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Existe un problema en SoftIron HyperCloud donde los nodos de c\u00e1lculo pueden conectarse inmediatamente sin seguir el proceso de inicializaci\u00f3n correcto. En este caso, las cargas de trabajo pueden programarse en estos nodos y desplegarse en un estado fallido o err\u00f3neo, lo que afecta la disponibilidad de estas cargas de trabajo que pueden implementarse durante este per\u00edodo de tiempo. Este problema afecta a las versiones de HyperCloud desde la 2.0.0 hasta la 2.0.3 anterior."
}
],
"id": "CVE-2023-45085",
"lastModified": "2024-11-21T08:26:21.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 1.4,
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-05T17:15:08.400",
"references": [
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"tags": [
"Release Notes"
],
"url": "https://advisories.softiron.cloud"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://advisories.softiron.cloud"
}
],
"sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2023-45083
Vulnerability from cvelistv5
Published
2023-12-05 16:15
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.
An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding.
This issue affects HyperCloud versions 1.0 to any release before 2.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://advisories.softiron.cloud |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SoftIron | HyperCloud |
Version: 1.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisories.softiron.cloud"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HyperCloud",
"vendor": "SoftIron",
"versions": [
{
"lessThan": "2.1",
"status": "affected",
"version": "1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn authenticated admin-level user may be able to delete the \"admin\" or \"serveradmin\" users, which prevents authentication from subsequently succeeding.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects HyperCloud versions 1.0 to any release before 2.1.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.\n\nAn authenticated admin-level user may be able to delete the \"admin\" or \"serveradmin\" users, which prevents authentication from subsequently succeeding.\n\nThis issue affects HyperCloud versions 1.0 to any release before 2.1.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T18:16:19.841Z",
"orgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"shortName": "SoftIron"
},
"references": [
{
"url": "https://advisories.softiron.cloud"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "HyperCloud: \"admin\" and \"serveradmin\" users can be deleted",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"assignerShortName": "SoftIron",
"cveId": "CVE-2023-45083",
"datePublished": "2023-12-05T16:15:07.027Z",
"dateReserved": "2023-10-03T19:37:55.180Z",
"dateUpdated": "2024-08-02T20:14:19.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45084
Vulnerability from cvelistv5
Published
2023-12-05 16:15
Modified
2024-12-02 17:07
Severity ?
EPSS score ?
Summary
An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.
This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://advisories.softiron.cloud |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SoftIron | HyperCloud |
Version: 1.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisories.softiron.cloud"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T17:07:33.548046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T17:07:48.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HyperCloud",
"vendor": "SoftIron",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue only impacts SoftIron HyperCloud \"density\" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.\n\nThis issue only impacts SoftIron HyperCloud \"density\" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Data availability and integrity"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-820",
"description": "CWE-820: Missing Synchronization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T18:16:26.857Z",
"orgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"shortName": "SoftIron"
},
"references": [
{
"url": "https://advisories.softiron.cloud"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Media caddy removal and reinsertion without reboot may cause data loss",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"assignerShortName": "SoftIron",
"cveId": "CVE-2023-45084",
"datePublished": "2023-12-05T16:15:31.559Z",
"dateReserved": "2023-10-03T19:37:55.180Z",
"dateUpdated": "2024-12-02T17:07:48.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-13058
Vulnerability from cvelistv5
Published
2024-12-30 22:08
Modified
2024-12-30 23:07
Severity ?
EPSS score ?
Summary
An issue exists in SoftIron HyperCloud
where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.
This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://advisories.softiron.cloud/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SoftIron | HyperCloud |
Version: 2.3.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T23:07:25.953819Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T23:07:49.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HyperCloud",
"vendor": "SoftIron",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "2.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue exists in SoftIron HyperCloud\n where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.\n\nThis issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.\n\n\u003c/p\u003e"
}
],
"value": "An issue exists in SoftIron HyperCloud\n where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.\n\nThis issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-58",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-58 Restful Privilege Elevation"
}
]
},
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T22:08:31.690Z",
"orgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"shortName": "SoftIron"
},
"references": [
{
"url": "https://advisories.softiron.cloud/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated, non-admin users can create storage pools via the sifi API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"assignerShortName": "SoftIron",
"cveId": "CVE-2024-13058",
"datePublished": "2024-12-30T22:08:31.690Z",
"dateReserved": "2024-12-30T21:48:00.482Z",
"dateUpdated": "2024-12-30T23:07:49.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-45085
Vulnerability from cvelistv5
Published
2023-12-05 16:15
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.
This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://advisories.softiron.cloud |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SoftIron | HyperCloud |
Version: 2.0.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://advisories.softiron.cloud"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HyperCloud",
"vendor": "SoftIron",
"versions": [
{
"lessThan": "2.0.3",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u0026nbsp; In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\u003cbr\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u00a0 In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\n\nThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Availability of recently deployed instances"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1419",
"description": "CWE-1419: Incorrect Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T18:16:33.397Z",
"orgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"shortName": "SoftIron"
},
"references": [
{
"url": "https://advisories.softiron.cloud"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "When compute hosts are disabled and reenabled, they immediately transition to \"ON\", not \"INIT\"",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"assignerShortName": "SoftIron",
"cveId": "CVE-2023-45085",
"datePublished": "2023-12-05T16:15:45.986Z",
"dateReserved": "2023-10-03T19:37:55.180Z",
"dateUpdated": "2024-08-02T20:14:19.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}