CVE-2023-45084 HIGH

CVE-2023-45084: Media caddy removal and reinsertion without reboot may cause data loss

Vendor Softiron
Product HyperCloud
Weakness CWE-820
Published December 5, 2023
Last update December 2, 2024

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

Key dates

02Disclosure timeline

December 5, 2023 CVE published
December 2, 2024 Record updated