System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.
CVE-2023-5808

7.6HIGH

Key Information:

Vendor: Hitachi
Status: System Management Unit (smu)
Vendor: CVE Published:; 5 December 2023

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Affected versions of the System Management Unit (SMU) in Hitachi Vantara products are vulnerable to unintended information disclosure. This issue arises from URL manipulation, allowing authenticated users with a Storage administrative role to access sensitive HNAS configuration backup and diagnostic data that should typically be restricted. This vulnerability highlights the importance of maintaining updated software versions and implementing robust access controls to safeguard sensitive information.

Affected Version(s)

System Management Unit (SMU) 6.0 < 14.8.7825.01

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5808
Created by Arszilla

References

https://knowledge.hitachivantara.com/Security/System_Mana...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Dec 18, 2023
👾
Exploit known to exist
Dec 18, 2023
Vulnerability published
Dec 5, 2023
Vulnerability Reserved
Oct 26, 2023

Credit

Arslan Masood