CVE-2024-21840 - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hitachi	Storage Plug-in

Configuration 1 [-]

cpe:2.3:a:hitachi:storage_plug-in:*:*:*:*:*:vmware_vcenter:*:*

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Hitachi

Published: 2024-01-30T02:08:34.752Z

Updated: 2024-01-30T02:08:34.752Z

Reserved: 2024-01-10T04:05:26.079Z

Link: CVE-2024-21840

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-30T03:15:07.867

Modified: 2024-02-06T18:32:20.340

Link: CVE-2024-21840

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-21840", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2024-01-10T04:05:26.079Z", "datePublished": "2024-01-30T02:08:34.752Z", "dateUpdated": "2024-01-30T02:08:34.752Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Storage Plug-in for VMware vCenter", "vendor": "Hitachi", "versions": [{"changes": [{"at": "04.10.0", "status": "unaffected"}], "lessThanOrEqual": "04.9.2", "status": "affected", "version": "04.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows <span style=\"background-color: rgb(252, 252, 252);\">local users to read and write specific files.</span>\n\n<p>This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows\u00a0local users to read and write specific files.\n\nThis issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-01-30T02:08:34.752Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html"}], "source": {"advisory": "hitachi-sec-2024-108", "discovery": "UNKNOWN"}, "title": "Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:storage_plug-in:*:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "618B27D3-9BD5-4A12-8B73-F5DF27AD92B2", "versionEndExcluding": "04.10.0", "versionStartIncluding": "04.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows\u00a0local users to read and write specific files.\n\nThis issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de permisos predeterminados incorrectos en Hitachi Storage Plug-in para VMware vCenter permite a los usuarios locales leer y escribir archivos espec\u00edficos. Este problema afecta a Hitachi Storage Plug-in para VMware vCenter: desde 04.0.0 hasta 04.9.2."}], "id": "CVE-2024-21840", "lastModified": "2024-02-06T18:32:20.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.3, "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}, "published": "2024-01-30T03:15:07.867", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}