CRITICAL🇵🇱 Wersja polska

CVE-2024-22216

CVSS 10.0v3.1pub. 2024-01-08upd. 2025-06-18

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).

🤖 AI Analysis
How it works

In default configurations of maxView Storage Manager software where the Redfish server is enabled for remote system management, there is a possibility of gaining unauthorized access. The vulnerability results from improper access control (CWE-284), which allows an attacker to bypass authentication and authorization mechanisms. Access occurs over the network without the attacker needing to possess any privileges or require user interaction.

Impact

An attacker can remotely modify data stored in the system without authentication and gain access to sensitive information, which threatens the integrity and confidentiality of managed storage resources.

Mitigation & patch

Software should be updated to version 3.07.23980 or 4.07.00.25339, which contain a fix for this vulnerability. If an update is not possible immediately, consider disabling the Redfish server or restricting access to the management interface at the network level (firewall). Details are available in the manufacturer's references.

Who is affected

Microchip maxView Storage Manager (for Adaptec Smart Storage controllers) in versions from 3.00.23484 to 4.14.00.26064, excluding patched versions: 3.07.23980 and 4.07.00.25339. Affects installations with an active Redfish server configured for remote system management.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Microchip Maxview Storage Manager

    APP
    Microchip
    3.00.23484 – 4.14.00.26064
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-51438CRITICAL10.0PL ✓ten sam produkt

Nieautoryzowany dostęp w maxView Storage Manager via Redfish Server

CVE-2023-23588MEDIUM6.2ten sam produkt

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with max...

CVE-2026-3010CRITICAL9.3PL ✓ten sam vendor

XSS w Microchip TimePictra – wstrzyknięcie złośliwego skryptu

CVE-2026-2844CRITICAL9.3PL ✓ten sam vendor

Brak uwierzytelnienia dla funkcji krytycznych w Microchip TimePictra

CVE-2024-7490CRITICAL9.5PL ✓ten sam vendor

RCE przez buffer overflow w serwerze DHCP Microchip Advanced Software Framework