CVE-2022-2637 - OpenCVE

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachi	Storage Plug-in

Configuration 1 [-]

cpe:2.3:a:hitachi:storage_plug-in:04.8.0:*:*:*:*:vmware_vcenter:*:*

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi

Published: 2022-10-06T00:00:00

Updated: 2023-01-17T04:25:18.568Z

Reserved: 2022-08-03T00:00:00

Link: CVE-2022-2637

JSON object: View

NVD Information

Status : Modified

Published: 2022-10-06T18:15:57.510

Modified: 2023-11-07T03:46:47.513

Link: CVE-2022-2637

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2637", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "assignerShortName": "Hitachi", "dateUpdated": "2023-01-17T04:25:18.568Z", "dateReserved": "2022-08-03T00:00:00", "datePublished": "2022-10-06T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Storage Plug-in for VMware vCenter", "vendor": "Hitachi", "versions": [{"changes": [{"at": "04.9.0", "status": "unaffected"}], "lessThan": "04.9.0", "status": "affected", "version": "04.8.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.<p>This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-01-17T04:25:18.568Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html"}], "source": {"advisory": "hitachi-sec-2022-131", "discovery": "UNKNOWN"}, "title": "Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter", "x_generator": {"engine": "Vulnogram 0.0.9"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:storage_plug-in:04.8.0:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "A682B21A-ED61-4BBB-B92A-0F63A9600192", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de Asignaci\u00f3n Incorrecta de Privilegios en Hitachi Storage Plug-in for VMware vCenter permite a usuarios remotos autenticados causar una escalada de privilegios. Este problema afecta a: Hitachi Storage Plug-in for VMware vCenter versi\u00f3n 04.8.0"}], "id": "CVE-2022-2637", "lastModified": "2023-11-07T03:46:47.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}, "published": "2022-10-06T18:15:57.510", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}