CVE-2023-5808

HIGH

Vantara Hitachi Network Attached Storage - Improper Authorization

Title source: rule

Description

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

Exploits (1)

nomisec WORKING POC 2 stars

by Arszilla · poc

https://github.com/Arszilla/CVE-2023-5808

View Code ZIP pw:eip

References (1)

[Various Sources] https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data.

Scores

CVSS v3 7.6

EPSS 0.0029

EPSS Percentile 52.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Classification

CWE

CWE-287 CWE-285

Status published

Affected Products (1)

hitachi/vantara_hitachi_network_attached_storage < 14.8.7825.01

Timeline

Published Dec 05, 2023

Tracked Since Feb 18, 2026