{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-20740", "ASSIGNER": "vultures@jpcert.or.jp", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Hitachi and NEC Corporation", "product": { "product_data": [ { "product_name": "Hitachi Virtual File Platform and NEC Storage M Series NAS Gateway which uses Hitachi Virtual File Platform", "version": { "version_data": [ { "version_value": "Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2)" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "url": "https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html", "refsource": "MISC", "name": "https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html" }, { "url": "https://jpn.nec.com/security-info/secinfo/nv21-011.html", "refsource": "MISC", "name": "https://jpn.nec.com/security-info/secinfo/nv21-011.html" }, { "url": "https://jvn.jp/en/jp/JVN21298724/index.html", "refsource": "MISC", "name": "https://jvn.jp/en/jp/JVN21298724/index.html" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors." } ] } }