2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2021-20740" ,
"sourceIdentifier" : "vultures@jpcert.or.jp" ,
"published" : "2021-06-28T01:15:07.440" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T05:47:06.650" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors."
} ,
{
"lang" : "es" ,
"value" : "Hitachi Virtual File Platform versiones anteriores a 5.5.3-09 y anteriores a 6.4.3-09, y versiones de NEC Storage M Series NAS Gateway Nh4a/Nh8a anteriores a FOS 5.5.3-08(NEC2.5.4a) y las versiones Nh4b/Nh8b, Nh4c/Nh8c anteriores a FOS 6.4.3-08(NEC3.4.2) permiten a atacantes remotos autenticados ejecutar comandos arbitrarios del Sistema Operativo con privilegios de root por medio de vectores no especificados"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.0 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "COMPLETE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 8.0 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-78"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hitachi:virtual_file_platform:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "6.4.3-09" ,
"matchCriteriaId" : "7A6CD39E-EDCF-4BAD-9B7C-5783F55D1200"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hitachi:virtual_file_platform:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "5.5.3-09" ,
"matchCriteriaId" : "6390BCA7-8A1B-42BF-B900-594E0675DBD4"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nec:nas_gateway_nh4a_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "fos_5.5.3-08\\(nec2.5.4a\\)" ,
"matchCriteriaId" : "A9F1B6EF-40DA-4016-AC2B-4841B621834E"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nec:nas_gateway_nh4a:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B592BBD3-A3FE-4592-8A42-1CFF05910EBD"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nec:nas_gateway_nh8a_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "fos_5.5.3-08\\(nec2.5.4a\\)" ,
"matchCriteriaId" : "B0A83B81-3A2C-4A00-98E1-506355679666"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nec:nas_gateway_nh8a:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "58E83C81-3F8C-450F-8AC9-783A8CE8ED8B"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nec:nas_gateway_nh4b_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "fos_6.4.3-08\\(nec3.4.2\\)" ,
"matchCriteriaId" : "B4708947-8C38-43AE-B0F9-470E363D0E3F"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nec:nas_gateway_nh4b:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E7FF7012-7B4E-41C0-BACF-0372466D1F77"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nec:nas_gateway_nh8b_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "fos_6.4.3-08\\(nec3.4.2\\)" ,
"matchCriteriaId" : "6E2BA5A4-4ABE-4B01-9381-4A67B3CB20B9"
2023-04-24 12:24:31 +02:00
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
2024-12-08 03:06:42 +00:00
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nec:nas_gateway_nh8b:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1170BF7-0CF8-4DAF-BEC6-615A87E1D7FE"
2023-04-24 12:24:31 +02:00
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nec:nas_gateway_nh4c_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "fos_6.4.3-08\\(nec3.4.2\\)" ,
"matchCriteriaId" : "8764B620-C260-447C-927F-5D8BA6AF3504"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nec:nas_gateway_nh4c:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20071B5B-6F46-4FF0-B5B7-9D0A924FFD76"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:nec:nas_gateway_nh8c_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "fos_6.4.3-08\\(nec3.4.2\\)" ,
"matchCriteriaId" : "5CE44F39-BC16-4A61-B4B5-EB5C5621E7D9"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:nec:nas_gateway_nh8c:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DACF6631-67AB-4305-8A91-FFB8F269AC6C"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://jpn.nec.com/security-info/secinfo/nv21-011.html" ,
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://jvn.jp/en/jp/JVN21298724/index.html" ,
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html" ,
"source" : "vultures@jpcert.or.jp" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://jpn.nec.com/security-info/secinfo/nv21-011.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://jvn.jp/en/jp/JVN21298724/index.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
