CVE-2023-45085 LOW

CVE-2023-45085: When compute hosts are disabled and reenabled, they immediately transition to "ON", not "INIT"

Vendor Softiron
Product HyperCloud
Weakness CWE-1419
Published December 5, 2023
Last update August 2, 2024

CVSS base score

3.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

What the vulnerability does

01Description

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

Key dates

02Disclosure timeline

December 5, 2023 CVE published
August 2, 2024 Record updated