Lucene search

Japan Vulnerability NotesJVN:94347255

HistoryJul 03, 2024 - 12:00 a.m.

JVN#94347255: JP1/Extensible SNMP Agent fails to restrict access permissions

2024-07-0300:00:00

Japan Vulnerability Notes

jvn.jp

jp1/extensible snmp agent

access restrictions

cwe-276

hitachi

dll

update

windows 11-00

12-00

09-00 to 09-00-04

10-00 to 10-00-02

job management partner

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

JSON

JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions (CWE-276).

Impact

If an authenticated attacker who can log in to the product places a specially crafted DLL file in a specific directory, arbitrary code may be executed with the administrative privilege.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Products Affected

JP1/Extensible SNMP Agent for Windows 11-00, 12-00
JP1/Extensible SNMP Agent 09-00 to 09-00-04, 10-00 to 10-00-02, and 10-10 to 10-10-01
Job Management Partner1/Extensible SNMP Agent 09-00 to 09-00-04, 10-00 to 10-00-02, and 10-10 to 10-10-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

JSON

Related for JVN:94347255