CVE-2020-36652
File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.
This issue affects Hitachi Automation Director:
from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-01-17 CVE Reserved
- 2023-02-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
- CAPEC-165: File Manipulation
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hitachi Search vendor "Hitachi" | Automation Director Search vendor "Hitachi" for product "Automation Director" | >= 8.2.0-00 <= 10.6.1-00 Search vendor "Hitachi" for product "Automation Director" and version " >= 8.2.0-00 <= 10.6.1-00" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Hitachi Search vendor "Hitachi" | Infrastructure Analytics Advisor Search vendor "Hitachi" for product "Infrastructure Analytics Advisor" | >= 2.0.0-00 <= 4.0.0-00 Search vendor "Hitachi" for product "Infrastructure Analytics Advisor" and version " >= 2.0.0-00 <= 4.0.0-00" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Hitachi Search vendor "Hitachi" | Ops Center Analyzer Search vendor "Hitachi" for product "Ops Center Analyzer" | < 10.9.1-00 Search vendor "Hitachi" for product "Ops Center Analyzer" and version " < 10.9.1-00" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Hitachi Search vendor "Hitachi" | Ops Center Automator Search vendor "Hitachi" for product "Ops Center Automator" | < 10.9.1-00 Search vendor "Hitachi" for product "Ops Center Automator" and version " < 10.9.1-00" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Hitachi Search vendor "Hitachi" | Ops Center Viewpoint Search vendor "Hitachi" for product "Ops Center Viewpoint" | < 10.9.1-00 Search vendor "Hitachi" for product "Ops Center Viewpoint" and version " < 10.9.1-00" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|