CVE-2022-2637 - Vulnerability Details - OpenCVE

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00645.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachi Subscribe	Storage Plug-in Subscribe

Configuration 1 [-]

cpe:2.3:a:hitachi:storage_plug-in:04.8.0:*:*:*:*:vmware_vcenter:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-34884	Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2022-10-06T00:00:00

Updated: 2024-08-03T00:46:03.300Z

Reserved: 2022-08-03T00:00:00

Link: CVE-2022-2637

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-06T18:15:57.510

Modified: 2024-11-21T07:01:25.080

Link: CVE-2022-2637

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2637", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "assignerShortName": "Hitachi", "dateUpdated": "2024-08-03T00:46:03.300Z", "dateReserved": "2022-08-03T00:00:00", "datePublished": "2022-10-06T00:00:00"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Storage Plug-in for VMware vCenter", "vendor": "Hitachi", "versions": [{"changes": [{"at": "04.9.0", "status": "unaffected"}], "lessThan": "04.9.0", "status": "affected", "version": "04.8.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.<p>This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.\n\n"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-01-17T04:25:18.568Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html"}], "source": {"advisory": "hitachi-sec-2022-131", "discovery": "UNKNOWN"}, "title": "Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter", "x_generator": {"engine": "Vulnogram 0.0.9"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:46:03.300Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:storage_plug-in:04.8.0:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "A682B21A-ED61-4BBB-B92A-0F63A9600192", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de Asignaci\u00f3n Incorrecta de Privilegios en Hitachi Storage Plug-in for VMware vCenter permite a usuarios remotos autenticados causar una escalada de privilegios. Este problema afecta a: Hitachi Storage Plug-in for VMware vCenter versi\u00f3n 04.8.0"}], "id": "CVE-2022-2637", "lastModified": "2024-11-21T07:01:25.080", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-06T18:15:57.510", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-131/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}