Skip to main content

SoftIron HyperCloud CVE-2024-13058

MEDIUM
Improper Privilege Management (CWE-269)
2024-12-30 0a72a055-908d-47f5-a16a-1f09049c16c6
4.8
CVSS 4.0 · Vendor: 0a72a055-908d-47f5-a16a-1f09049c16c6
Share

Severity by source

Vendor (0a72a055-908d-47f5-a16a-1f09049c16c6) PRIMARY
4.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Green

Primary rating from Vendor (0a72a055-908d-47f5-a16a-1f09049c16c6) · only source for this CVE.

CVSS VectorVendor: 0a72a055-908d-47f5-a16a-1f09049c16c6

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Green
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
N

Lifecycle Timeline

1
CVE Published
Dec 30, 2024 - 22:15 cve.org
MEDIUM 4.8

DescriptionCVE.org

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.

This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.

AnalysisAI

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. Version information: before 2.5.0..

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.

Share

CVE-2024-13058 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy