CVE-2024-39723

MEDIUM
Published Jul 8, 2024 Modified Nov 21, 2024 CWE-1299 CWE-287

Description

IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935.

CVSS v3.1 Score

4.6
MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-1299 CWE-1299
CWE-287 Improper Authentication

Affected Products

Vendor Product
ibm storage_virtualize

References

Frequently Asked Questions

What is CVE-2024-39723? +
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935. It has a CVSS v3.1 base score of 4.6 (MEDIUM).
How severe is CVE-2024-39723? +
CVE-2024-39723 has a CVSS v3.1 score of 4.6 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2024-39723? +
CVE-2024-39723 affects products from ibm, specifically: storage_virtualize. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-39723? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-1073 7.5

Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized …
CVE-2025-26409 6.8

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the …
CVE-2024-47944 6.8

The device directly executes .patch firmware upgrade files on a USB stick without any prior authentication in the admin interface. …
CVE-2025-41697 6.8

An attacker can use an undocumented UART port on the PCB as a side-channel to get root access e.g. with …
CVE-2024-23621 10.0

A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability …
CVE-2024-23622 10.0

A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-39723 — free, no signup required.

Start Free Scan