CVE-2023-6538 : SMU versions prior to 14.8.7825.01 are susceptible to unintended information dis

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

Published 2023-12-11 18:15:30

Updated 2023-12-14 17:02:15

Source Hitachi Vantara

View at NVD, CVE.org

Vulnerability category: BypassGain privilegeInformation leak

Products affected by CVE-2023-6538

Hitachi » System Management Unit Firmware
Versions before (<) 14.8.7825.01
cpe:2.3:o:hitachi:system_management_unit_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Hitachi » System Management Unit » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-6538

EPSS FAQ

9.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 92 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6538

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
7.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L	2.8	4.7	Hitachi Vantara
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: Low

CWE ids for CVE-2023-6538

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: security.vulnerabilities@hitachivantara.com (Secondary)

References for CVE-2023-6538

https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data.

System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuratio
Vendor Advisory
https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_is_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_SMU_configuration_backup_data

Page not found - Hitachi Vantara Knowledge

Jump to

Vulnerability Details : CVE-2023-6538

Products affected by CVE-2023-6538

Exploit prediction scoring system (EPSS) score for CVE-2023-6538

CVSS scores for CVE-2023-6538

CWE ids for CVE-2023-6538

References for CVE-2023-6538