Impact
An information exposure vulnerability exists in Hitachi Storage Navigator that allows unauthorized disclosure of sensitive data contained within the virtual storage platform. The flaw is tied to specific firmware and software versions, potentially permitting an attacker to access configuration details, authentication credentials, or other confidential information stored by the system. The weakness is categorized as CWE-522, indicating a failure to protect data at rest or during processing.
Affected Systems
Affected products include Hitachi Virtual Storage Platform lines 5100, 5200, 5500, 5600, 5100H, 5200H, 5500H, 5600H, and VX8 prior to DKCMAIN Ver. 90‑09‑24‑00/00 and SVP Ver. 90‑09‑24/00, as well as G1000, G1500, F1500, and VX7 before DKCMAIN Ver. 80‑06‑96‑00/00 and SVP Ver. 80‑06‑91/00.
Risk and Exploitability
The CVSS score of 6.8 indicates a moderate risk level, and no EPSS value is available, implying limited publicly known exploitation activity. The vulnerability is not listed in CISA’s KEV catalog, reducing the likelihood of widespread active attacks but still requiring timely mitigation. Based on the description, the attack vector is likely local or over a management interface, as the flaw involves exposure of data stored on the device and does not specify a remote code execution path.
OpenCVE Enrichment