CVE-2023-6538

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure through URL manipulation. Authenticated users in the Storage, Server, or combined Server+Storage administrative roles are able to access the SMU configuration backup, which would normally be barred to those specific administrative roles.

Configurations

Configuration 1

AND
cpe:2.3:o:hitachi:system_management_unit_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hitachi:system_management_unit:-:*:*:*:*:*:*:*

History

14 Dec 2023, 17:02

Type | Values Removed | Values Added
CWE | | NVD-CWE-Other
CPE | | cpe:2.3:o:hitachi:system_management_unit_firmware:*:*:*:*:*:*:*:*, cpe:2.3:h:hitachi:system_management_unit:-:*:*:*:*:*:*:*
References | () https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data. - | () https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data. - Vendor Advisory
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 6.5

12 Dec 2023, 17:15

Type | Values Removed | Values Added
References | {'url': 'https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data', 'name': 'https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data', 'tags': [], 'refsource': ''} | () https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data. -

11 Dec 2023, 18:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2023-12-11 18:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-6538

Mitre link : CVE-2023-6538

CVE.ORG link : CVE-2023-6538



Products Affected

hitachi

  • system_management_unit
  • system_management_unit_firmware

CWE

  • NVD-CWE-Other
  • CWE-285: Improper Authorization