Lucene search

HitachiCVELIST:CVE-2020-36652

HistoryFeb 28, 2023 - 2:06 a.m.

CVE-2020-36652 File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center

2023-02-2802:06:32

CWE-276

Hitachi

www.cve.org

hitachi

linux

vulnerability

permissions

automation director

infrastructure analytics advisor

ops center

6.6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.

This issue affects Hitachi Automation Director:

from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Automation Director",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "10.6.1-00",
        "status": "affected",
        "version": "8.2.0-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Infrastructure Analytics Advisor",
      "Analytics probe server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Infrastructure Analytics Advisor",
    "vendor": "Hitachi",
    "versions": [
      {
        "lessThanOrEqual": "4.0.0-00",
        "status": "affected",
        "version": "2.0.0-00",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Automator",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Hitachi Ops Center Analyzer",
      "Analyzer probe server"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Analyzer",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Viewpoint RAID Agent"
    ],
    "platforms": [
      "Linux"
    ],
    "product": "Hitachi Ops Center Viewpoint",
    "vendor": "Hitachi",
    "versions": [
      {
        "changes": [
          {
            "at": "10.9.1-00",
            "status": "unaffected"
          }
        ],
        "lessThan": "10.9.1-00",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html