CVE-2020-36695 - Vulnerability Details - OpenCVE

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Hitachi	Compute Systems Manager Device Manager Replication Manager Tiered Storage Manager Tuning Manager
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:hitachi:compute_systems_manager::::::::
	cpe:2.3:a:hitachi:device_manager::::::::
	cpe:2.3:a:hitachi:replication_manager::::::::
	cpe:2.3:a:hitachi:tiered_storage_manager::::::::
	cpe:2.3:a:hitachi:tuning_manager::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html

History

Mon, 21 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2023-07-18T01:59:31.566Z

Updated: 2024-10-21T19:04:12.419Z

Reserved: 2023-06-06T01:32:00.408Z

Link: CVE-2020-36695

Vulnrichment

Updated: 2024-08-04T17:37:05.235Z

NVD

Status : Modified

Published: 2023-07-18T03:15:52.963

Modified: 2024-11-21T05:30:05.247

Link: CVE-2020-36695

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2020-36695", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2023-06-06T01:32:00.408Z", "datePublished": "2023-07-18T01:59:31.566Z", "dateUpdated": "2024-10-21T19:04:12.419Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Device Manager Server"], "platforms": ["Linux"], "product": "Hitachi Device Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Tiered Storage Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Replication Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "modules": ["Hitachi Tuning Manager server", "Hitachi Tuning Manager - Agent for RAID", "Hitachi Tuning Manager - Agent for NAS"], "platforms": ["Linux"], "product": "Hitachi Tuning Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.5-02", "status": "unaffected"}], "lessThan": "8.8.5-02", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Linux"], "product": "Hitachi Compute Systems Manager", "vendor": "Hitachi", "versions": [{"changes": [{"at": "8.8.3-08", "status": "unaffected"}], "lessThan": "8.8.3-08", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.<p>This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-07-18T01:59:31.566Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}], "source": {"advisory": "hitachi-sec-2023-124", "discovery": "UNKNOWN"}, "title": "File and Directory Permission Vulnerability in Hitachi Command Suite", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:05.235Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-21T18:55:34.277350Z", "id": "CVE-2020-36695", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T19:04:12.419Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:37:05.235Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-36695", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T18:55:34.277350Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T19:04:06.424Z"}}], "cna": {"title": "File and Directory Permission Vulnerability in Hitachi Command Suite", "source": {"advisory": "hitachi-sec-2023-124", "discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi", "modules": ["Device Manager Server"], "product": "Hitachi Device Manager", "versions": [{"status": "affected", "changes": [{"at": "8.8.5-02", "status": "unaffected"}], "version": "0", "lessThan": "8.8.5-02", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Hitachi", "product": "Hitachi Tiered Storage Manager", "versions": [{"status": "affected", "changes": [{"at": "8.8.5-02", "status": "unaffected"}], "version": "0", "lessThan": "8.8.5-02", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Hitachi", "product": "Hitachi Replication Manager", "versions": [{"status": "affected", "changes": [{"at": "8.8.5-02", "status": "unaffected"}], "version": "0", "lessThan": "8.8.5-02", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Hitachi", "modules": ["Hitachi Tuning Manager server", "Hitachi Tuning Manager - Agent for RAID", "Hitachi Tuning Manager - Agent for NAS"], "product": "Hitachi Tuning Manager", "versions": [{"status": "affected", "changes": [{"at": "8.8.5-02", "status": "unaffected"}], "version": "0", "lessThan": "8.8.5-02", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}, {"vendor": "Hitachi", "product": "Hitachi Compute Systems Manager", "versions": [{"status": "affected", "changes": [{"at": "8.8.3-08", "status": "unaffected"}], "version": "0", "lessThan": "8.8.3-08", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n", "supportingMedia": [{"type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.<p>This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2023-07-18T01:59:31.566Z"}}}, "cveMetadata": {"cveId": "CVE-2020-36695", "state": "PUBLISHED", "dateUpdated": "2024-10-21T19:04:12.419Z", "dateReserved": "2023-06-06T01:32:00.408Z", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "datePublished": "2023-07-18T01:59:31.566Z", "assignerShortName": "Hitachi"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAE91C8E-F0D3-4247-891C-742547E41147", "versionEndExcluding": "8.8.3-08", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7BAEB11-0356-426A-BAB8-1ED82F9FCF70", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C12A2776-0CB0-4A79-9437-11C3391F9E29", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7300DC33-D62A-4E97-83FF-786F5D6483FA", "versionEndExcluding": "8.8.5-02", "vulnerable": true}, {"criteria": "cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D59C88B4-8761-470C-BEA3-9AF6D2380455", "versionEndExcluding": "8.8.5-02", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\n"}], "id": "CVE-2020-36695", "lastModified": "2024-11-21T05:30:05.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-18T03:15:52.963", "references": [{"source": "hirt@hitachi.co.jp", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html"}], "sourceIdentifier": "hirt@hitachi.co.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "hirt@hitachi.co.jp", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}