Impact
An improper authorization vulnerability in the maintenance utility of Hitachi Virtual Storage Platform allows an attacker who can reach the utility to bypass intended access controls and perform privileged actions on the system. The flaw arises from missing or insufficient authorization checks, enabling unauthorized users to use maintenance functions beyond their permitted scope, potentially accessing or altering data and configuration settings. The weakness is classified as CWE-862, which focuses on missing or ineffective authorization controls.
Affected Systems
The issue affects Hitachi Virtual Storage Platform models E390, E590, E790, E990, E1090, and their "H" variants before DKCMAIN Ver. 93-07-26-xx/00 and GUM Ver. 93-07-26/00; models 5100, 5500, 5100H, 5500H, 5200, 5600, 5200H, 5600H before DKCMAIN Ver. 90-09-27-00/00 and GUM Ver. 90-09-27/00; and models G130, G150, G350, G370, G700, G900, F350, F370, F700, F900 before DKCMAIN Ver. 88-08-16-xx/00 and GUM Ver. 88-08-20/00.
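The version thresholds above can be applied to an asset inventory with a short script. This is an added example, not part of the advisory or any Hitachi tooling. It assumes versions order by their first three numeric fields, that a system counts as affected when either DKCMAIN or GUM is below its fixed version, and that a version from a different firmware train needs manual review; the inventory rows are constructed.

```python
import re

# Fixed (DKCMAIN, GUM) thresholds per model family, copied from the advisory text.
FIXED = {
    "E-series": ("93-07-26", "93-07-26"),
    "5000-series": ("90-09-27", "90-09-27"),
    "G/F-series": ("88-08-16", "88-08-20"),
}
_E = ["E390", "E590", "E790", "E990", "E1090"]
MODELS = {m: "E-series" for base in _E for m in (base, base + "H")}
MODELS.update({m: "5000-series" for m in
               ["5100", "5500", "5100H", "5500H", "5200", "5600", "5200H", "5600H"]})
MODELS.update({m: "G/F-series" for m in
               ["G130", "G150", "G350", "G370", "G700", "G900",
                "F350", "F370", "F700", "F900"]})

def parse_version(text):
    """Return the leading AA-BB-CC fields of a DKCMAIN/GUM version as ints."""
    # Advisory pages often carry typographic hyphens (e.g. U+2011); normalize them.
    norm = re.sub("[\u2010-\u2015\u2212]", "-", text.strip())
    m = re.fullmatch(r"(\d{2})-(\d{2})-(\d{2})(?:-\w{2})?(?:/\d{2})?", norm)
    if not m:
        raise ValueError(f"unrecognized version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(model, dkcmain, gum):
    """Classify one inventory row: affected, fixed, review, or not-listed."""
    family = MODELS.get(model.upper().replace("VSP", "").strip())
    if family is None:
        return "not-listed"
    status = "fixed"
    for have, need in zip((dkcmain, gum), FIXED[family]):
        have_v, need_v = parse_version(have), parse_version(need)
        if have_v[0] != need_v[0]:
            return "review"      # different firmware train: do not compare blindly
        if have_v < need_v:
            status = "affected"  # assumption: either component below its fix counts
    return status

# Constructed inventory rows (not real systems).
INVENTORY = [
    ("VSP E590H", "93-06-61-40/00", "93-06-61/00"),
    ("G350", "88-08-16-60/00", "88-08-14/00"),
    ("5600", "90-09-27\u201100/00", "90-09-27/00"),
    ("E1090", "88-08-16-60/00", "93-07-26/00"),
    ("G1500", "80-06-90-00/00", "80-06-90/00"),
]

if __name__ == "__main__":
    for row in INVENTORY:
        print(row[0], triage(*row))
```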
Risk and Exploitability
The CVSS score of 8.3 indicates a high-severity vulnerability. No EPSS score is available, so an exact exploitation probability cannot be quantified from the data. The vulnerability is not listed in the CISA KEV catalog. Because the maintenance utility is typically accessed over the platform’s management network, the likely attack vector is remote, although local attackers with network access could also exploit the flaw. Exploitation would require the attacker to reach the maintenance interface, bypass authentication checks, and trigger privileged functions, which could compromise data integrity and confidentiality.