Lucene search

HitachiCVE-2020-36652

HistoryFeb 28, 2023 - 3:15 a.m.

CVE-2020-36652

2023-02-2803:15:09

CWE-276

Hitachi

web.nvd.nist.gov

cve-2020-36652

hitachi

linux

automation director

infrastructure analytics advisor

ops center automator

ops center analyzer

ops center viewpoint

security vulnerability

nvd

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.

This issue affects Hitachi Automation Director:

from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

Affected configurations

Nvd

Node

hitachiautomation_directorRange8.2.0-00–10.6.1-00

hitachiinfrastructure_analytics_advisorRange2.0.0-00–4.0.0-00

hitachiops_center_analyzerRange<10.9.1-00

hitachiops_center_automatorRange<10.9.1-00

hitachiops_center_viewpointRange<10.9.1-00

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
hitachiautomation_director*cpe:2.3:a:hitachi:automation_director:*:*:*:*:*:*:*:*
hitachiinfrastructure_analytics_advisor*cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*
hitachiops_center_analyzer*cpe:2.3:a:hitachi:ops_center_analyzer:*:*:*:*:*:*:*:*
hitachiops_center_automator*cpe:2.3:a:hitachi:ops_center_automator:*:*:*:*:*:*:*:*
hitachiops_center_viewpoint*cpe:2.3:a:hitachi:ops_center_viewpoint:*:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hitachi	automation_director	*	cpe:2.3:a:hitachi:automation_director::::::::
hitachi	infrastructure_analytics_advisor	*	cpe:2.3:a:hitachi:infrastructure_analytics_advisor::::::::
hitachi	ops_center_analyzer	*	cpe:2.3:a:hitachi:ops_center_analyzer::::::::
hitachi	ops_center_automator	*	cpe:2.3:a:hitachi:ops_center_automator::::::::
hitachi	ops_center_viewpoint	*	cpe:2.3:a:hitachi:ops_center_viewpoint::::::::
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Automation Director",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "10.6.1-00",
        "status": "affected",
        "version": "8.2.0-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Infrastructure Analytics Advisor",
      "Analytics probe server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Infrastructure Analytics Advisor",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "4.0.0-00",
        "status": "affected",
        "version": "2.0.0-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Automator",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Ops Center Analyzer",
      "Analyzer probe server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Analyzer",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Viewpoint RAID Agent"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Viewpoint",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-36652