cve/2023/CVE-2023-6538.md

CVE-2023-6538

Description

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles.

POC

Reference

No PoCs from references.

Github

• https://github.com/Arszilla/CVE-2023-5808
• https://github.com/Arszilla/CVE-2023-6538
• https://github.com/nomi-sec/PoC-in-GitHub