Vulnerability Details : CVE-2020-36652
Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.
Products affected by CVE-2020-36652
- Hitachi » Automation DirectorVersions from including (>=) 8.2.0-00 and up to, including, (<=) 10.6.1-00cpe:2.3:a:hitachi:automation_director:*:*:*:*:*:*:*:*
- Hitachi » Infrastructure Analytics AdvisorVersions from including (>=) 2.0.0-00 and up to, including, (<=) 4.0.0-00cpe:2.3:a:hitachi:infrastructure_analytics_advisor:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ops_center_analyzer:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ops_center_viewpoint:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ops_center_automator:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36652
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36652
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
1.8
|
4.7
|
Hitachi, Ltd. | |
7.1
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
1.8
|
5.2
|
NIST |
CWE ids for CVE-2020-36652
-
During installation, installed file permissions are set to allow anyone to modify those files.Assigned by:
- hirt@hitachi.co.jp (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-36652
-
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-106/index.html
File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center: Software Vulnerability Information: Software: HitachiVendor Advisory
Jump to