CVE-2024-22216
📋 TL;DR
Improper access control in the Redfish server that ships with Microchip maxView Storage Manager lets an attacker who can reach the Redfish interface modify data and disclose sensitive information without proper authorization. It affects all default installations with Redfish configured for remote management, specifically versions 3.00.23484 through 4.14.00.26064 (except the patched versions 3.07.23980 and 4.07.00.25339).
💻 Affected Systems
- Microchip maxView Storage Manager for Adaptec Smart Storage Controllers
📦 What is this software?
maxView Storage Manager is Microchip's browser-based management application for Adaptec Smart Storage (SmartRAID/SmartHBA) controllers. Its optional Redfish server exposes the same controller, array and volume management functions over a DMTF Redfish REST API so that remote tooling can manage the storage; that Redfish server is the component affected here.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing data destruction, configuration tampering, and full information disclosure of storage systems.
Likely Case
Unauthorized data access and modification of storage configurations leading to data integrity issues.
If Mitigated
Limited impact if proper network segmentation and access controls prevent unauthorized Redfish access.
🎯 Exploit Status
The assigned weakness class is CWE-284 (improper access control). Because the flaw is a missing or insufficient authorization check rather than a memory-safety bug, no exploit chain is needed: once the Redfish interface is reachable, exploitation is expected to be straightforward. Treat any reachable, unpatched instance with Redfish remote management enabled as exploitable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.07.23980 (3.x line) or 4.07.00.25339 (4.x line)
Restart Required: Yes
Instructions:
1. Download the patched version from the Microchip support portal.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the system and verify that the Redfish service is running.
🔧 Temporary Workarounds
Disable Redfish Remote Management
Disable the Redfish server, or bind it to localhost only, if remote management is not required. The vulnerability is only reachable when Redfish is configured for remote management.
Configure the maxView Storage Manager settings to disable Redfish remote access (see the vendor documentation for the exact setting in your version).
Network Segmentation
Restrict network access to the port the Redfish server listens on (443/HTTPS by default according to this page; confirm the port configured on your installation) using host firewall rules, for example on Linux with iptables. Rules are evaluated in order, so the ACCEPT for the management subnet must precede the DROP, and neither rule helps if an earlier rule in the INPUT chain already accepts the port; inserting at the head of the chain avoids that. The subnet 192.0.2.0/24 below is a placeholder for your management network.
```bash
# Allow Redfish only from the management subnet (placeholder CIDR), then drop everyone else.
# -I puts the rules at the head of INPUT so no earlier ACCEPT can shadow them.
iptables -I INPUT 1 -p tcp --dport 443 -s 192.0.2.0/24 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 443 -j DROP
```
🧯 If You Can't Patch
- Implement strict network access controls to isolate Redfish interface from untrusted networks
- Enable detailed logging and monitoring for unauthorized access attempts to Redfish endpoints
🔍 How to Verify
Check if Vulnerable:
Check the installed maxView Storage Manager version and whether the Redfish server is enabled for remote management. A host is exposed only when both conditions hold: the build is in the affected range and Redfish remote management is on.
Check Version:
Read the version from the maxView Storage Manager GUI (About dialog) or from the installed package metadata on the host (for example `rpm -qa | grep -i storman` / `dpkg -l` on Linux, or Programs and Features on Windows).
Verify Fix Applied:
Confirm the installed build matches a version the vendor lists as patched: 3.07.23980 for the 3.x line, 4.07.00.25339 for the 4.x line. Do not rely on "newer means fixed" here: the affected range quoted above runs through 4.14.00.26064, which is numerically above the 4.x patched build, so compare against the advisory's list of patched builds rather than a simple version threshold.
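The following script is an added example, not vendor code, that turns the version statements on this page into a repeatable inventory check. It parses maxView's dotted build numbers (three fields for 3.x, four for 4.x), classifies each host against the affected range and the two patched builds quoted above, and downgrades hosts whose Redfish remote management is off to "not-exposed" rather than "affected". The inventory at the bottom is constructed test data; the classification of builds above 4.14.00.26064 is deliberately reported as "above-range" rather than "patched", because this page does not say whether later builds are fixed.

```python
"""Classify maxView Storage Manager builds against the CVE-2024-22216
range quoted on this page. Added example, not vendor code."""
from typing import Dict, List, Tuple

# Affected range and explicitly patched builds, exactly as stated on this page.
AFFECTED_LOW = "3.00.23484"
AFFECTED_HIGH = "4.14.00.26064"
PATCHED_BUILDS = ("3.07.23980", "4.07.00.25339")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.07.00.25339' into (4, 7, 0, 25339).

    3.x builds carry three dotted fields and 4.x builds four. Plain tuple
    comparison still orders them correctly because the leading major
    field already decides the comparison across lines.
    """
    fields = version.strip().split(".")
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError(f"not a numeric dotted version: {version!r}")
    return tuple(int(f) for f in fields)


def status(version: str, redfish_remote_enabled: bool = True) -> str:
    """Return one of: patched, affected, not-exposed, below-range, above-range.

    'not-exposed' means the build is in the affected range but Redfish is not
    configured for remote management, the precondition this page gives for
    the vulnerability. Such hosts still need the patch, with lower urgency.
    """
    v = parse_version(version)
    if v in {parse_version(p) for p in PATCHED_BUILDS}:
        return "patched"
    if v < parse_version(AFFECTED_LOW):
        return "below-range"
    if v > parse_version(AFFECTED_HIGH):
        # Not covered by the page's range statement; verify with the advisory.
        return "above-range"
    return "affected" if redfish_remote_enabled else "not-exposed"


def triage(inventory: Dict[str, Tuple[str, bool]]) -> List[Tuple[str, str, str]]:
    """Classify an inventory of host -> (version, redfish_remote_enabled).

    Returns rows sorted so that 'affected' hosts come first.
    """
    order = {"affected": 0, "not-exposed": 1, "above-range": 2,
             "below-range": 3, "patched": 4}
    rows = [(host, ver, status(ver, enabled))
            for host, (ver, enabled) in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


if __name__ == "__main__":
    # Constructed inventory: hostnames and flags are made up for the example.
    sample = {
        "stor-01": ("4.07.00.25339", True),   # patched 4.x build
        "stor-02": ("4.14.00.26064", True),   # top of the quoted range: affected
        "stor-03": ("3.05.23600", False),     # in range, Redfish remote off
        "stor-04": ("2.06.22939", True),      # predates the quoted range
        "stor-05": ("3.07.23980", True),      # patched 3.x build
    }
    for host, ver, result in triage(sample):
        print(f"{host:8} {ver:15} {result}")
```

Feed it the real host list from your CMDB and act on every "affected" row first; "above-range" rows are a prompt to re-read the vendor advisory, not a clean bill of health.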
📡 Detection & Monitoring
Log Indicators:
- Unauthorized authentication attempts to Redfish endpoints
- Unexpected configuration changes to storage systems
Network Indicators:
- Unusual traffic to the Redfish port (443/HTTPS by default according to this page; confirm your configured port) from unexpected sources
- Redfish API calls (paths under /redfish/v1/) from IP addresses outside the management network
SIEM Query:
source="maxview" AND (event="authentication_failure" OR event="configuration_change")
The source and event field names above are illustrative; map them to the fields your log pipeline actually extracts from the maxView or web-server logs before deploying the search.
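As an added detection example (not a vendor-supplied rule and not maxView's own log schema), the script below runs the indicators listed above over HTTP access-log lines. It assumes the Redfish server's access log is in Common Log Format, that Redfish resources live under the DMTF-standard /redfish/v1/ prefix, and that 192.0.2.0/24 is the only network allowed to reach the interface; the log lines embedded in it are constructed. Three rules are applied: any Redfish request from outside the management network, any mutating request (POST/PUT/PATCH/DELETE) that succeeded, and repeated 401 responses from one source.

```python
"""Flag suspicious Redfish API activity in access-log lines.
Added example, not maxView's own logging or a vendor-provided detection."""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional

# Common Log Format: ip ident user [timestamp] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
AUTH_FAIL_THRESHOLD = 3  # 401s from one source before we raise an alert

# Constructed sample: a trusted admin, then an outside host that probes,
# fails to log in three times, and still manages to PATCH a volume.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Feb/2024:09:00:01 +0000] "GET /redfish/v1/Systems HTTP/1.1" 200 1843
192.0.2.10 - - [12/Feb/2024:09:00:05 +0000] "PATCH /redfish/v1/Systems/1 HTTP/1.1" 200 512
198.51.100.7 - - [12/Feb/2024:09:01:10 +0000] "GET /redfish/v1/ HTTP/1.1" 200 722
198.51.100.7 - - [12/Feb/2024:09:01:11 +0000] "POST /redfish/v1/SessionService/Sessions HTTP/1.1" 401 0
198.51.100.7 - - [12/Feb/2024:09:01:12 +0000] "POST /redfish/v1/SessionService/Sessions HTTP/1.1" 401 0
198.51.100.7 - - [12/Feb/2024:09:01:13 +0000] "POST /redfish/v1/SessionService/Sessions HTTP/1.1" 401 0
198.51.100.7 - - [12/Feb/2024:09:01:20 +0000] "PATCH /redfish/v1/Systems/1/Storage/1/Volumes/1 HTTP/1.1" 200 300
198.51.100.7 - - [12/Feb/2024:09:01:21 +0000] "GET /index.html HTTP/1.1" 200 4096
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_trusted(ip: str, nets) -> bool:
    """True if ip falls inside one of the trusted management networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a garbage source field is never trusted
    return any(addr in net for net in nets)


def analyze(lines: Iterable[str], trusted_cidrs: Iterable[str]) -> List[Dict[str, str]]:
    """Apply the three rules and return alert dicts (rule, ip, severity, detail)."""
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    alerts: List[Dict[str, str]] = []
    untrusted_seen = set()        # one 'untrusted-source' alert per IP, not per line
    auth_failures: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/redfish/"):
            continue  # non-Redfish traffic is out of scope for this detection
        ip, method, status = rec["ip"], rec["method"], int(rec["status"])
        trusted = is_trusted(ip, nets)
        if not trusted and ip not in untrusted_seen:
            untrusted_seen.add(ip)
            alerts.append({"rule": "untrusted-source", "ip": ip, "severity": "high",
                           "detail": f"first Redfish request: {method} {rec['path']}"})
        if method in MUTATING and 200 <= status < 300:
            # A successful write is a configuration change; from outside it is critical.
            alerts.append({"rule": "config-change", "ip": ip,
                           "severity": "high" if not trusted else "medium",
                           "detail": f"{method} {rec['path']} -> {status}"})
        if status == 401:
            auth_failures[ip] += 1
            if auth_failures[ip] == AUTH_FAIL_THRESHOLD:
                alerts.append({"rule": "auth-bruteforce", "ip": ip, "severity": "medium",
                               "detail": f"{AUTH_FAIL_THRESHOLD} 401 responses on Redfish endpoints"})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG.splitlines(), ["192.0.2.0/24"]):
        print(f"[{a['severity']:6}] {a['rule']:17} {a['ip']:15} {a['detail']}")
```

On the sample the outside host produces three alerts (untrusted source, brute-force, and a high-severity config change) and the trusted admin produces one medium-severity config-change alert, which is the right noise level: writes from inside the management network are still worth a record, since the page lists unexpected configuration changes as an indicator, but they do not page anyone.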
🔗 References
- https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability