CVE-2023-34143

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.

CVSS v3 5.6 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html	Vendor Advisory
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

21 Nov 2024, 08:06

Type	Values Removed	Values Added
References	~~() https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html - Vendor Advisory~~	() https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~8.1~~	v2 : unknown v3 : 5.6

Information

Published : 2023-07-18 03:15

Updated : 2024-11-21 08:06

NVD link : CVE-2023-34143

Mitre link : CVE-2023-34143

CVE.ORG link : CVE-2023-34143

JSON object : View

Products Affected

linux

linux_kernel

hitachi

device_manager

microsoft

windows

CWE

CWE-297

Improper Validation of Certificate with Host Mismatch

CWE-295

Improper Certificate Validation

{"id": "CVE-2023-34143", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "hirt@hitachi.co.jp", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2023-07-18T03:15:55.510", "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html", "tags": ["Vendor Advisory"], "source": "hirt@hitachi.co.jp"}, {"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "hirt@hitachi.co.jp", "description": [{"lang": "en", "value": "CWE-297"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\n"}], "lastModified": "2024-11-21T08:06:38.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7BAEB11-0356-426A-BAB8-1ED82F9FCF70", "versionEndExcluding": "8.8.5-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hirt@hitachi.co.jp"}