CVE-2024-13058

Summary

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem.

This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.

Affected Software

VendorProductVersion RangeStatus
SoftIronHyperCloud2.3.0 < 2.5.0affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management
  • CWE-400: CWE-400 Uncontrolled Resource Consumption
  • CWE-285: CWE-285 Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References