System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.

CVE-2023-5808

7.6HIGH

Key Information

Vendor: Hitachi
Status: System Management Unit (smu)
Vendor: CVE Published:; 5 December 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

Affected Version(s)

System Management Unit (SMU) < 14.8.7825.01

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5808
Created by Arszilla

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 29, 2024
Risk change from: 6.5 to: 7.6 - (HIGH)
Aug 28, 2024
Vulnerability published.
Dec 5, 2023
Vulnerability Reserved.
Oct 26, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Arslan Masood