Japan Vulnerability NotesJVN:75585394JVN#75585394: NEC Universal RAID Utility fails to restrict access permissions
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
EPSS
Percentile
77.4%
NEC Universal RAID Utility is a software to manage a RAID controller. NEC Universal RAID Utility contains an issue where access permissions are not restricted.
Impact
A remote unauthenticated attacker may conduct arbitrary operations against the HDD on the vulunerable RAID system.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Apply a workaround
The following workaround may mitigate the affects of this vulnerability.
- Restrict access from 52805/TCP.
Products Affected
- Universal RAID Utility Ver1.40 (for Windows) Rev 680 and earlier
- Universal RAID Utility Ver2.31 (for Windows/Linux/VMware ESX) Rev 1492 and earlier
- Universal RAID Utility Ver2.5 (for Windows/Linux/VMware ESX) Rev 2244 and earlier
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
EPSS
Percentile
77.4%