4.14.00.26064

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

microchip

critical

NVD

Published: 2024-01-08

Updated: 2024-02-15

Summary

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).

Vulnerable Configurations

Part	Description	Count
Application	Microchip Microchip Maxview Storage Manager 3.00.23484 Microchip Maxview Storage Manager 3.07.23980 Microchip Maxview Storage Manager 4.14.00.26064	3

References

https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability