Published: 05/12/2023 Updated: 12/12/2023

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 0

SMU versions before 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hitachi vantara_hitachi_network_attached_storage

Hitachi NAS SMU Backup and Restore versions prior to 148782501 suffer from an insecure direct object reference vulnerability ...

CVE-2023-6538 CVE-2023-6538 is an Insecure Direct Object Reference (IDOR) in vulnerability found in Hitachi NAS' (HNAS') System Management Unit (SMU) Configuration Backup & Restore functionality This vulnerability affects SMU versions prior to 148782501 Exploitation This exploit requires the attacker to have control over the credentials of a user account

CVE-2023-5808 CVE-2023-5808 is an Insecure Direct Object Reference (IDOR) in vulnerability found in Hitachi NAS' (HNAS') System Management Unit (SMU) Backup & Restore functionality This vulnerability affects SMU versions prior to 148782501 Exploitation This exploit requires the attacker to have control over the credentials of a user account that is not Re

CWE-287 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data.https://nvd.nist.gov https://github.com/Arszilla/CVE-2023-6538 https://packetstormsecurity.com/files/177516/Hitachi-NAS-SMU-Backup-And-Restore-Insecure-Direct-Object-Reference.html

CVE-2023-5808

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect