CVE-2020-36695 : Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

Published 2023-07-18 03:15:53

Updated 2023-07-27 17:30:57

Source Hitachi, Ltd.

View at NVD, CVE.org

Products affected by CVE-2020-36695

Hitachi » Tuning Manager
Versions before (<) 8.8.5-02
cpe:2.3:a:hitachi:tuning_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Hitachi » Device Manager
Versions before (<) 8.8.5-02
cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Hitachi » Tiered Storage Manager
Versions before (<) 8.8.5-02
cpe:2.3:a:hitachi:tiered_storage_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Hitachi » Replication Manager
Versions before (<) 8.8.5-02
cpe:2.3:a:hitachi:replication_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Hitachi » Compute Systems Manager
Versions before (<) 8.8.3-08
cpe:2.3:a:hitachi:compute_systems_manager:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-36695

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-36695

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.6	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H	1.8	4.7	Hitachi, Ltd.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-36695

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.
Assigned by:
- hirt@hitachi.co.jp (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2020-36695

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-124/index.html

File and Directory Permissions Vulnerability in Hitachi Command Suite: Software Vulnerability Information: Software: Hitachi
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-36695

Products affected by CVE-2020-36695

Exploit prediction scoring system (EPSS) score for CVE-2020-36695

CVSS scores for CVE-2020-36695

CWE ids for CVE-2020-36695

References for CVE-2020-36695