CVE-2020-36695 - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachi	Tuning Manager Replication Manager Compute Systems Manager Device Manager Tiered Storage Manager
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:hitachi:compute_systems_manager::::::::
	cpe:2.3:a:hitachi:device_manager::::::::
	cpe:2.3:a:hitachi:replication_manager::::::::
	cpe:2.3:a:hitachi:tiered_storage_manager::::::::
	cpe:2.3:a:hitachi:tuning_manager::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi

Published: 2023-07-18T01:59:31.566Z

Updated: 2023-07-18T01:59:31.566Z

Reserved: 2023-06-06T01:32:00.408Z

Link: CVE-2020-36695

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-18T03:15:52.963

Modified: 2023-07-27T17:30:56.823

Link: CVE-2020-36695

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2020-36695", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2023-06-06T01:32:00.408Z", "datePublished": "2023-07-18T01:59:31.566Z", "dateUpdated": "2023-07-18T01:59:31.566Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Device Manager Server"], "platforms": ["Linux"], "product": "Hitachi Device Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Tiered Storage Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Replication Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Hitachi Tuning Manager server", "Hitachi Tuning Manager - Agent for RAID", "Hitachi Tuning Manager - Agent for NAS"], "platforms": ["Linux"], "product": "Hitachi Tuning Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Compute Systems Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.3-08", "status": "unaffected"}], "lessThan": "8.8.3-08", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.<p>This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-07-18T01:59:31.566Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}], "source": {"advisory": "hitachi-sec-2023-124", "discovery": "UNKNOWN"}, "title": "File and Directory Permission Vulnerability in Hitachi Command Suite", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAE91C8E-F0D3-4247-891C-742547E41147", "versionEndExcluding": "8.8.3-08", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7BAEB11-0356-426A-BAB8-1ED82F9FCF70", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C12A2776-0CB0-4A79-9437-11C3391F9E29", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7300DC33-D62A-4E97-83FF-786F5D6483FA", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D59C88B4-8761-470C-BEA3-9AF6D2380455", "versionEndExcluding": "8.8.5-02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"}], "id": "CVE-2020-36695", "lastModified": "2023-07-27T17:30:56.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}, "published": "2023-07-18T03:15:52.963", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}