Hypercloud
CVE-2023-45083
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.
An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding.
This issue affects HyperCloud versions 1.0 to any release before 2.1.
AnalysisAI
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding.0 to any release before 2.1. Affected products include: Softiron Hypercloud. Version information: before 2.1..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Hypercloud
View allAn issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct ini
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today