CVE-2020-36652 - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachi	Automation Director Ops Center Viewpoint Infrastructure Analytics Advisor Ops Center Analyzer Ops Center Automator
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:hitachi:automation_director::::::::
	cpe:2.3:a:hitachi:infrastructure_analytics_advisor::::::::
	cpe:2.3:a:hitachi:ops_center_analyzer::::::::
	cpe:2.3:a:hitachi:ops_center_automator::::::::
	cpe:2.3:a:hitachi:ops_center_viewpoint::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi

Published: 2023-02-28T02:06:32.073Z

Updated: 2023-02-28T02:06:32.073Z

Reserved: 2023-01-17T01:44:42.055Z

Link: CVE-2020-36652

JSON object: View

NVD Information

Status : Modified

Published: 2023-02-28T03:15:09.103

Modified: 2023-11-07T03:22:24.820

Link: CVE-2020-36652

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2020-36652", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2023-01-17T01:44:42.055Z", "datePublished": "2023-02-28T02:06:32.073Z", "dateUpdated": "2023-02-28T02:06:32.073Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Automation Director", "vendor": "Hitachi", "versions": [{"lessThanOrEqual": "10.6.1-00", "status": "affected", "version": "8.2.0-00", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Hitachi Infrastructure Analytics Advisor", "Analytics probe server"], "platforms": ["Linux"], "product": "Hitachi Infrastructure Analytics Advisor", "vendor": "Hitachi", "versions": [{"lessThanOrEqual": "4.0.0-00", "status": "affected", "version": "2.0.0-00", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Ops Center Automator", "vendor": "Hitachi", "versions": [{"changes": [{"at": "10.9.1-00", "status": "unaffected"}], "lessThan": "10.9.1-00", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Hitachi Ops Center Analyzer", "Analyzer probe server"], "platforms": ["Linux"], "product": "Hitachi Ops Center Analyzer", "vendor": "Hitachi", "versions": [{"changes": [{"at": "10.9.1-00", "status": "unaffected"}], "lessThan": "10.9.1-00", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Viewpoint RAID Agent"], "platforms": ["Linux"], "product": "Hitachi Ops Center Viewpoint", "vendor": "Hitachi", "versions": [{"changes": [{"at": "10.9.1-00", "status": "unaffected"}], "lessThan": "10.9.1-00", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.<br><br>This issue affects Hitachi Automation Director: \n\nfrom 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.<br>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.\n\nThis issue affects Hitachi Automation Director: \n\nfrom 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-02-28T02:06:32.073Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html"}], "source": {"advisory": "hitachi-sec-2023-106", "discovery": "UNKNOWN"}, "title": "File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:automation_director:*:*:*:*:*:*:*:*", "matchCriteriaId": "D10B6114-DE6B-47E5-BD90-42D8E64C78B9", "versionEndIncluding": "10.6.1-00", "versionStartIncluding": "8.2.0-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC6D328-1D55-40D4-B3D2-10AECA8673C6", "versionEndIncluding": "4.0.0-00", "versionStartIncluding": "2.0.0-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:ops_center_analyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D508BD9-66DD-4286-B7AE-8767A7FDC665", "versionEndExcluding": "10.9.1-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:ops_center_automator:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A82FADC-A7A3-4EBE-B330-86733E3BF072", "versionEndExcluding": "10.9.1-00", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:ops_center_viewpoint:*:*:*:*:*:*:*:*", "matchCriteriaId": "905687ED-5A35-4F4A-90A2-ECD315B825B7", "versionEndExcluding": "10.9.1-00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files.\n\nThis issue affects Hitachi Automation Director: \n\nfrom 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.\n"}], "id": "CVE-2020-36652", "lastModified": "2023-11-07T03:22:24.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}, "published": "2023-02-28T03:15:09.103", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}