MidnightBSD

Advisories for softiron

CVE-2023-45083

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.8 3.6
0a72a055-908d-47f5-a16a-1f09049c16c6 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H 0.6 3.6

Products Affected

Vendor Product Version
softiron hypercloud *
CVE-2023-45084

An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity. This issue only impacts SoftIron HyperCloud "density" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
0a72a055-908d-47f5-a16a-1f09049c16c6 7.0 HIGH CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H 0.7 5.8
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

Products Affected

Vendor Product Version
softiron hypercloud *
CVE-2023-45085

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4
0a72a055-908d-47f5-a16a-1f09049c16c6 3.2 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L 1.5 1.4

Products Affected

Vendor Product Version
softiron hypercloud *