Lucene search

HitachiCVELIST:CVE-2024-4679

HistoryJul 02, 2024 - 1:51 a.m.

CVE-2024-4679 Folder Permission Vulnerability in JP1/Extensible SNMP Agent

2024-07-0201:51:01

CWE-276

Hitachi

www.cve.org

cve-2024-4679

folder permission

vulnerability

jp1/extensible snmp agent

hitachi

windows

file manipulation

default permissions

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.2%

JSON

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "JP1/Extensible SNMP Agent for Windows",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "12-00-01",
            "status": "unaffected"
          }
        ],
        "lessThan": "12-00-01",
        "status": "affected",
        "version": "12-00",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11-00-*",
        "status": "affected",
        "version": "11-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "JP1/Extensible SNMP Agent",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "10-10-01",
        "status": "affected",
        "version": "10-10",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10-00-02",
        "status": "affected",
        "version": "10-00",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "09-00-04",
        "status": "affected",
        "version": "09-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "Job Management Partner1/Extensible SNMP Agent",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "10-10-01",
        "status": "affected",
        "version": "10-10",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10-00-02",
        "status": "affected",
        "version": "10-00",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "09-00-04",
        "status": "affected",
        "version": "09-00",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-4679