Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-45083

Summary
Assigner-SoftIron
Assigner Org ID-0a72a055-908d-47f5-a16a-1f09049c16c6
Published At-05 Dec, 2023 | 16:15
Updated At-02 Aug, 2024 | 20:14
Rejected At-
Credits

HyperCloud: "admin" and "serveradmin" users can be deleted

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SoftIron
Assigner Org ID:0a72a055-908d-47f5-a16a-1f09049c16c6
Published At:05 Dec, 2023 | 16:15
Updated At:02 Aug, 2024 | 20:14
Rejected At:
▼CVE Numbering Authority (CNA)
HyperCloud: "admin" and "serveradmin" users can be deleted

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.

Affected Products
Vendor
SoftIron
Product
HyperCloud
Default Status
unaffected
Versions
Affected
  • From 1.0 before 2.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.14.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-212CAPEC-212 Functionality Misuse
CAPEC ID: CAPEC-212
Description: CAPEC-212 Functionality Misuse
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://advisories.softiron.cloud
N/A
Hyperlink: https://advisories.softiron.cloud
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://advisories.softiron.cloud
x_transferred
Hyperlink: https://advisories.softiron.cloud
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:0a72a055-908d-47f5-a16a-1f09049c16c6
Published At:05 Dec, 2023 | 17:15
Updated At:12 Dec, 2023 | 16:40

An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently succeeding. This issue affects HyperCloud versions 1.0 to any release before 2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Secondary3.14.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CPE Matches
softiron
softiron
>>hypercloud>>Versions from 1.0(inclusive) to 2.1.0(exclusive)
cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-269Secondary0a72a055-908d-47f5-a16a-1f09049c16c6
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: 0a72a055-908d-47f5-a16a-1f09049c16c6
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://advisories.softiron.cloud0a72a055-908d-47f5-a16a-1f09049c16c6
Release Notes
Hyperlink: https://advisories.softiron.cloud
Source: 0a72a055-908d-47f5-a16a-1f09049c16c6
Resource:
Release Notes

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2024-13058
Matching Score-6
Assigner-SoftIron
ShareView Details
Matching Score-6
Assigner-SoftIron
CVSS Score-4.8||MEDIUM
EPSS-0.12% / 31.68%
||
7 Day CHG~0.00%
Published-30 Dec, 2024 | 22:08
Updated-29 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated, non-admin users can create storage pools via the sifi API

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0.

Action-Not Available
Vendor-SoftIron
Product-HyperCloud
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-10650
Matching Score-6
Assigner-SoftIron
ShareView Details
Matching Score-6
Assigner-SoftIron
CVSS Score-1.8||LOW
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-18 Sep, 2025 | 19:11
Updated-20 Feb, 2026 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper SSH Key Handling in Internal Debug Builds May Grant Cluster-Level Access to Non-Administrative Users

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 and 2.6.3.  No generally available (GA) or customer-released production builds were affected.  There is no evidence that this issue was exposed in customer environments or production deployments.

Action-Not Available
Vendor-SoftIron
Product-HyperCloud
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-39574
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 10.81%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 09:01
Updated-16 Sep, 2024 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.

Action-Not Available
Vendor-Dell Inc.
Product-insightiqPowerScale InsightIQpowerscale_insightiq
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-0221
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 16.24%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 15:19
Updated-04 Apr, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program.

Action-Not Available
Vendor-Musarubra US LLC (Trellix)McAfee, LLC
Product-application_and_change_controlApplication and Change Control
CWE ID-CWE-269
Improper Privilege Management
Details not found