CVE-2024-39723

IBM FlashSystem denial of service

CVSS 4.6 MEDIUMEPSS 0.2%CWE-1299

In short

IBM FlashSystem 5300 storage systems have a flaw where USB ports remain usable even after an administrator disables them. Someone with physical access to the device could exploit this to block access to stored data.

Technical detail

A physical access vulnerability in IBM FlashSystem 5300 where disabled USB ports fail to enforce access restrictions, allowing an attacker to leverage USB connectivity to trigger a denial of service condition affecting data availability. Mitigation requires proper physical security controls in addition to administrative port disabling.

Summary generated and translated by AI from the official description.

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

IBM · Storage Virtualize

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/295935 https://www.ibm.com/support/pages/node/7159333