Vulnerability Details : CVE-2023-34143
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.
Products affected by CVE-2023-34143
- cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34143
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34143
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.6
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
2.2
|
3.4
|
Hitachi, Ltd. | |
|
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2023-34143
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
-
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.Assigned by: hirt@hitachi.co.jp (Secondary)
References for CVE-2023-34143
-
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html
Multiple Vulnerabilities in Hitachi Device Manager: Software Vulnerability Information: Software: HitachiVendor Advisory
Jump to