1. Home
  2. CVE Database
  3. CVE-2024-22216
CRITICAL · 10.0

CVE-2024-22216

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, wi...

Vulnerability Description

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
MicrochipMaxview Storage Manager>= 3.00.23484, <= 4.14.00.26064

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2024-22216?

CVE-2024-22216 is a vulnerability with a CVSS score of 10.0 (CRITICAL). In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, wi...

How severe is CVE-2024-22216?

CVE-2024-22216 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-22216?

Check the references section above for vendor advisories and patch information. Affected products include: Microchip Maxview Storage Manager.