CVE-2023-5808

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.
Configurations

Configuration 1

AND
cpe:2.3:a:hitachi:vantara_hitachi_network_attached_storage:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

12 Dec 2023, 17:15

Type: References
Values Removed:
  • https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data (tags: none)
Values Added:
  • () https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data. -

11 Dec 2023, 18:15

Type: References
Values Removed:
  • https://support.hitachivantara.com/ (tags: Not Applicable)
Values Added:
  • () https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data -

08 Dec 2023, 20:15

Type: Summary
Values Removed: SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access HNAS configuration backup and diagnostic data, that would normally be barred to those specific administrative roles.
Values Added: SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

08 Dec 2023, 17:18

Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 6.5

Type: References
Values Removed: () https://support.hitachivantara.com/ -
Values Added: () https://support.hitachivantara.com/ - Not Applicable

Type: CWE
Values Added: CWE-287

Type: CPE
Values Added:
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:vantara_hitachi_network_attached_storage:*:*:*:*:*:*:*:*

07 Dec 2023, 21:15

Type: Summary
Values Removed: Information disclosure in SMU in Hitachi Vantara HNAS 14.8.7825.01 on Windows allows authenticated users to download sensitive files via Insecure Direct Object Reference (IDOR).
Values Added: SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access HNAS configuration backup and diagnostic data, that would normally be barred to those specific administrative roles.

05 Dec 2023, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-05 00:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-5808

Mitre link : CVE-2023-5808

CVE.ORG link : CVE-2023-5808


Products Affected

microsoft

  • windows

hitachi

  • vantara_hitachi_network_attached_storage
CWE
CWE-287

Improper Authentication

CWE-285

Improper Authorization