CVE-2024-21840 - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hitachi	Storage Plug-in

Configuration 1 [-]

cpe:2.3:a:hitachi:storage_plug-in:*:*:*:*:*:vmware_vcenter:*:*

No data.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2024-01-30T02:08:34.752Z

Updated: 2024-08-01T22:27:36.334Z

Reserved: 2024-01-10T04:05:26.079Z

Link: CVE-2024-21840

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-30T03:15:07.867

Modified: 2024-02-06T18:32:20.340

Link: CVE-2024-21840

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21840", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2024-01-10T04:05:26.079Z", "datePublished": "2024-01-30T02:08:34.752Z", "dateUpdated": "2024-08-01T22:27:36.334Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hitachi Storage Plug-in for VMware vCenter", "vendor": "Hitachi", "versions": [{"changes": [{"at": "04.10.0", "status": "unaffected"}], "lessThanOrEqual": "04.9.2", "status": "affected", "version": "04.0.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows <span style=\"background-color: rgb(252, 252, 252);\">local users to read and write specific files.</span>\n\n<p>This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows\u00a0local users to read and write specific files.\n\nThis issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-01-30T02:08:34.752Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html"}], "source": {"advisory": "hitachi-sec-2024-108", "discovery": "UNKNOWN"}, "title": "Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:36.334Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:storage_plug-in:*:*:*:*:*:vmware_vcenter:*:*", "matchCriteriaId": "618B27D3-9BD5-4A12-8B73-F5DF27AD92B2", "versionEndExcluding": "04.10.0", "versionStartIncluding": "04.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows\u00a0local users to read and write specific files.\n\nThis issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.\n\n"}, {"lang": "es", "value": "La vulnerabilidad de permisos predeterminados incorrectos en Hitachi Storage Plug-in para VMware vCenter permite a los usuarios locales leer y escribir archivos espec\u00edficos. Este problema afecta a Hitachi Storage Plug-in para VMware vCenter: desde 04.0.0 hasta 04.9.2."}], "id": "CVE-2024-21840", "lastModified": "2024-02-06T18:32:20.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 5.3, "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}, "published": "2024-01-30T03:15:07.867", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}]}