CVE-2024-22216

CRITICAL

Microchip maxView Storage Manager - Info Disclosure

Title source: llm

Description

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).

References (1)

Core 1

Core References

Vendor Advisory

https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability

Scores

CVSS v3 10.0

EPSS 0.0053

EPSS Percentile 40.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

microchip/maxview_storage_manager 3.00.23484 - 4.14.00.26064

Published Jan 08, 2024

Tracked Since Feb 18, 2026