Skip to main content

CVE-2023-5808

Description

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role.

NVD
Severity: MEDIUM
CVE ID: CVE-2023-5808
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Hitachi Vantara
Severity: HIGH
CVE ID: CVE-2023-5808
CVSS Score: 7.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Refrence: NVD MITRE

Proof Of Concept

Arszilla

Refrence: GitHub

Description
Proof Of Concept