FKIE_CVE-2020-36605

Vulnerability from fkie_nvd - Published: 2022-11-01 03:15 - Updated: 2024-11-21 05:29
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.
References
hirt@hitachi.co.jphttps://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.htmlVendor Advisory
Impacted products
Vendor Product Version
hitachi infrastructure_analytics_advisor *
linux linux_kernel -
microsoft windows -
hitachi ops_center_analyzer *
linux linux_kernel -
hitachi ops_center_viewpoint *
linux linux_kernel -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BC509D6-6EB5-4050-B0A8-776B489C8AD9",
              "versionEndIncluding": "4.4.0-00",
              "versionStartIncluding": "2.0.0-00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:ops_center_analyzer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2390B3E6-5F10-4F6A-B41C-159D2A0DCAFD",
              "versionEndExcluding": "10.9.0-00",
              "versionStartIncluding": "10.0.0-00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:ops_center_viewpoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCD3014-C1E0-47E2-9014-3D90D8AD03C3",
              "versionEndExcluding": "10.9.0-00",
              "versionStartIncluding": "10.8.0-00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.\n\n\n\nThis issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.\n"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de permisos predeterminados incorrectos en Hitachi Infrastructure Analytics Advisor en Linux (Analytics probe component), Hitachi Ops Center Analyzer en Linux (Analyzer probe component), Hitachi Ops Center Viewpoint en Linux (Viewpoint RAID Agent component) permite a los usuarios locales leer y escribir archivos espec\u00edficos . Este problema afecta a Hitachi Infrastructure Analytics Advisor: desde 2.0.0-00 hasta 4.4.0-00; Hitachi Ops Center Analyzer: desde 10.0.0-00 antes de 10.9.0-00; Hitachi Ops Center Viewpoint: desde 10.8.0-00 antes de 10.9.0-00."
    }
  ],
  "id": "CVE-2020-36605",
  "lastModified": "2024-11-21T05:29:52.817",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.7,
        "source": "hirt@hitachi.co.jp",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-01T03:15:10.617",
  "references": [
    {
      "source": "hirt@hitachi.co.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html"
    }
  ],
  "sourceIdentifier": "hirt@hitachi.co.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "hirt@hitachi.co.jp",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.