CVE-2020-36695 - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachi	Compute Systems Manager Device Manager Replication Manager Tiered Storage Manager Tuning Manager
Linux	Linux Kernel

Configuration 1 [-]

AND

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

OR	cpe:2.3:a:hitachi:compute_systems_manager::::::::
	cpe:2.3:a:hitachi:device_manager::::::::
	cpe:2.3:a:hitachi:replication_manager::::::::
	cpe:2.3:a:hitachi:tiered_storage_manager::::::::
	cpe:2.3:a:hitachi:tuning_manager::::::::

No data.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2023-07-18T01:59:31.566Z

Updated: 2024-08-04T17:37:05.235Z

Reserved: 2023-06-06T01:32:00.408Z

Link: CVE-2020-36695

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-18T03:15:52.963

Modified: 2023-07-27T17:30:56.823

Link: CVE-2020-36695

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36695", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2023-06-06T01:32:00.408Z", "datePublished": "2023-07-18T01:59:31.566Z", "dateUpdated": "2024-08-04T17:37:05.235Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Device Manager Server"], "platforms": ["Linux"], "product": "Hitachi Device Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Tiered Storage Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Replication Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Hitachi Tuning Manager server", "Hitachi Tuning Manager - Agent for RAID", "Hitachi Tuning Manager - Agent for NAS"], "platforms": ["Linux"], "product": "Hitachi Tuning Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Compute Systems Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.3-08", "status": "unaffected"}], "lessThan": "8.8.3-08", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.<p>This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-07-18T01:59:31.566Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}], "source": {"advisory": "hitachi-sec-2023-124", "discovery": "UNKNOWN"}, "title": "File and Directory Permission Vulnerability in Hitachi Command Suite", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:05.235Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAE91C8E-F0D3-4247-891C-742547E41147", "versionEndExcluding": "8.8.3-08", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7BAEB11-0356-426A-BAB8-1ED82F9FCF70", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C12A2776-0CB0-4A79-9437-11C3391F9E29", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7300DC33-D62A-4E97-83FF-786F5D6483FA", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D59C88B4-8761-470C-BEA3-9AF6D2380455", "versionEndExcluding": "8.8.5-02", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"}], "id": "CVE-2020-36695", "lastModified": "2023-07-27T17:30:56.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}, "published": "2023-07-18T03:15:52.963", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}