Lucene search

[email protected]CVE-2020-36695

HistoryJul 18, 2023 - 3:15 a.m.

CVE-2020-36695

2023-07-1803:15:52

CWE-276

[email protected]

web.nvd.nist.gov

cve-2020-36695

hitachi

device manager

tiered storage manager

replication manager

tuning manager

compute systems manager

linux

file manipulation

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS

components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

Affected configurations

NVD

Node

linuxlinux_kernelMatch-

AND

hitachicompute_systems_managerRange<8.8.3-08

hitachidevice_managerRange<8.8.5-02

hitachireplication_managerRange<8.8.5-02

hitachitiered_storage_managerRange<8.8.5-02

hitachituning_managerRange<8.8.5-02

CPENameOperatorVersion
hitachi:compute_systems_managerhitachi compute systems managerlt8.8.3-08
hitachi:device_managerhitachi device managerlt8.8.5-02
hitachi:replication_managerhitachi replication managerlt8.8.5-02
hitachi:tiered_storage_managerhitachi tiered storage managerlt8.8.5-02
hitachi:tuning_managerhitachi tuning managerlt8.8.5-02

CPE	Name	Operator	Version
hitachi:compute_systems_manager	hitachi compute systems manager	lt	8.8.3-08
hitachi:device_manager	hitachi device manager	lt	8.8.5-02
hitachi:replication_manager	hitachi replication manager	lt	8.8.5-02
hitachi:tiered_storage_manager	hitachi tiered storage manager	lt	8.8.5-02
hitachi:tuning_manager	hitachi tuning manager	lt	8.8.5-02

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Device Manager Server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Device Manager",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "8.8.5-02",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.8.5-02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Tiered Storage Manager",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "8.8.5-02",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.8.5-02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Replication Manager",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "8.8.5-02",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.8.5-02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Tuning Manager server",
      "Hitachi Tuning Manager - Agent for RAID",
      "Hitachi Tuning Manager - Agent for NAS"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Tuning Manager",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "8.8.5-02",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.8.5-02",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Compute Systems Manager",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "8.8.3-08",
            "status": "unaffected"
          }
        ],
        "lessThan": "8.8.3-08",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2020-36695

prion1 cvelist1 nvd1