CVE-2021-20740

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

Hitachi Virtual File Platform versiones anteriores a 5.5.3-09 y anteriores a 6.4.3-09, y versiones de NEC Storage M Series NAS Gateway Nh4a/Nh8a anteriores a FOS 5.5.3-08(NEC2.5.4a) y las versiones Nh4b/Nh8b, Nh4c/Nh8c anteriores a FOS 6.4.3-08(NEC3.4.2) permiten a atacantes remotos autenticados ejecutar comandos arbitrarios del Sistema Operativo con privilegios de root por medio de vectores no especificados

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-12-17 CVE Reserved
2021-06-28 CVE Published
2023-05-14 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (3)

URL	Tag	Source
https://jvn.jp/en/jp/JVN21298724/index.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://jpn.nec.com/security-info/secinfo/nv21-011.html	2021-07-06
https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html	2021-07-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nec Search vendor "Nec"	Nas Gateway Nh4a Firmware Search vendor "Nec" for product "Nas Gateway Nh4a Firmware"	< fos_5.5.3-08\(nec2.5.4a\) Search vendor "Nec" for product "Nas Gateway Nh4a Firmware" and version " < fos_5.5.3-08\(nec2.5.4a\)"	-	Affected	in	Nec Search vendor "Nec"	Nas Gateway Nh4a Search vendor "Nec" for product "Nas Gateway Nh4a"	-	-	Safe
Nec Search vendor "Nec"	Nas Gateway Nh8a Firmware Search vendor "Nec" for product "Nas Gateway Nh8a Firmware"	< fos_5.5.3-08\(nec2.5.4a\) Search vendor "Nec" for product "Nas Gateway Nh8a Firmware" and version " < fos_5.5.3-08\(nec2.5.4a\)"	-	Affected	in	Nec Search vendor "Nec"	Nas Gateway Nh8a Search vendor "Nec" for product "Nas Gateway Nh8a"	-	-	Safe
Nec Search vendor "Nec"	Nas Gateway Nh4b Firmware Search vendor "Nec" for product "Nas Gateway Nh4b Firmware"	< fos_6.4.3-08\(nec3.4.2\) Search vendor "Nec" for product "Nas Gateway Nh4b Firmware" and version " < fos_6.4.3-08\(nec3.4.2\)"	-	Affected	in	Nec Search vendor "Nec"	Nas Gateway Nh4b Search vendor "Nec" for product "Nas Gateway Nh4b"	-	-	Safe
Nec Search vendor "Nec"	Nas Gateway Nh8b Firmware Search vendor "Nec" for product "Nas Gateway Nh8b Firmware"	< fos_6.4.3-08\(nec3.4.2\) Search vendor "Nec" for product "Nas Gateway Nh8b Firmware" and version " < fos_6.4.3-08\(nec3.4.2\)"	-	Affected	in	Nec Search vendor "Nec"	Nas Gateway Nh8b Search vendor "Nec" for product "Nas Gateway Nh8b"	-	-	Safe
Nec Search vendor "Nec"	Nas Gateway Nh4c Firmware Search vendor "Nec" for product "Nas Gateway Nh4c Firmware"	< fos_6.4.3-08\(nec3.4.2\) Search vendor "Nec" for product "Nas Gateway Nh4c Firmware" and version " < fos_6.4.3-08\(nec3.4.2\)"	-	Affected	in	Nec Search vendor "Nec"	Nas Gateway Nh4c Search vendor "Nec" for product "Nas Gateway Nh4c"	-	-	Safe
Nec Search vendor "Nec"	Nas Gateway Nh8c Firmware Search vendor "Nec" for product "Nas Gateway Nh8c Firmware"	< fos_6.4.3-08\(nec3.4.2\) Search vendor "Nec" for product "Nas Gateway Nh8c Firmware" and version " < fos_6.4.3-08\(nec3.4.2\)"	-	Affected	in	Nec Search vendor "Nec"	Nas Gateway Nh8c Search vendor "Nec" for product "Nas Gateway Nh8c"	-	-	Safe
Hitachi Search vendor "Hitachi"		Virtual File Platform Search vendor "Hitachi" for product "Virtual File Platform"				< 6.4.3-09 Search vendor "Hitachi" for product "Virtual File Platform" and version " < 6.4.3-09"		-		Affected
Hitachi Search vendor "Hitachi"		Virtual File Platform Search vendor "Hitachi" for product "Virtual File Platform"				< 5.5.3-09 Search vendor "Hitachi" for product "Virtual File Platform" and version " < 5.5.3-09"		-		Affected