CVE-2023-4331— Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-4331
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
Source: NVD (National Vulnerability Database)
Vulnerability Description
Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用已被攻破或存在风险的密码学算法
Source: NVD (National Vulnerability Database)
Vulnerability Title
Broadcom RAID Controller 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Broadcom RAID Controller是美国博通(Broadcom)公司的一系列 RAID 控制器。 Broadcom RAID Controller存在安全漏洞,该漏洞源于web界面的TLS配置支持过时的TLS协议,导致该产品易受攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Broadcom | LSI Storage Authority (LSA) | 0 ~ 7.017.011.000 | - | |
| Intel | RAID Web Console 3 (RWC3) | 0 ~ 7.017.011.000 | - |
II. Public POCs for CVE-2023-4331
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-4331
Please Login to view more intelligence information
Same Patch Batch · Broadcom · 2023-08-15 · 22 CVEs total
| CVE-2023-4334 | Broadcom RAID Controller Web server (nginx) is serving private files without any authentic | |
| CVE-2023-4345 | Broadcom RAID Controller web interface is vulnerable client-side control bypass | |
| CVE-2023-4323 | Broadcom RAID Controller web interface is vulnerable to improper session management of act | |
| CVE-2023-4324 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking H | |
| CVE-2023-4325 | Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has | |
| CVE-2023-4326 | Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configura | |
| CVE-2023-4327 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the | |
| CVE-2023-4328 | Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and th | |
| CVE-2023-4329 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP confi | |
| CVE-2023-4332 | Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the lo | |
| CVE-2023-4333 | Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server | |
| CVE-2023-4344 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to imp | |
| CVE-2023-4335 | Broadcom RAID Controller Web server (nginx) is serving private server-side files without a | |
| CVE-2023-4336 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP confi | |
| CVE-2023-4337 | Broadcom RAID Controller web interface is vulnerable to improper session handling of manag | |
| CVE-2023-4338 | Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP confi | |
| CVE-2023-4339 | Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for | |
| CVE-2023-4340 | Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the | |
| CVE-2023-4341 | Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of | |
| CVE-2023-4342 | Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking H |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: LSI Storage Authority (LSA)
- CVE-2023-4324
Broadcom RAID Controller web interface is vulnerable due to - CVE-2023-4326
Broadcom RAID Controller web interface is vulnerable has an - CVE-2023-4325
Broadcom RAID Controller web interface is vulnerable due to - CVE-2023-4329
Broadcom RAID Controller web interface is vulnerable due to - CVE-2023-4328
Broadcom RAID Controller web interface is vulnerable to exp
Same vendor: Broadcom
- CVE-2026-3991
Elevation of Privileges in Symantec Data Loss Prevention Win - CVE-2026-3862
Cross-Site Scripting Vulnerability in SiteMinder Administrat - CVE-2025-13919
Component Object Model (COM) Hijacking in Symantec Endpoint - CVE-2025-13918
Elevation of Privileges in Symantec Endpoint Protection Wind - CVE-2025-13917
Elevation of Privileges in Web Security Services (WSS) Agent
Same weakness: CWE-327
- CVE-2026-6411
MAXHUB Pivot Client Application Use of a Broken or Risky Cry - CVE-2026-44405
Paramiko < 4.0.0 存在SHA-1算法漏洞 - CVE-2026-32959
Silex SD-330AC和Silex AMC Manager 安全漏洞 - CVE-2026-5588
PKIX draft CompositeVerifier accepts empty signature sequenc - CVE-2025-14813
GOSTCTR implementation unable to process more than 255 block
V. Comments for CVE-2023-4331
No comments yet