CVE-2024-4679 - Vulnerability Details - OpenCVE

ReportizFlow

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Hitachi

Published: 2024-07-02T01:51:01.295Z

Updated: 2024-08-01T20:47:41.391Z

Reserved: 2024-05-09T05:32:33.169Z

Link: CVE-2024-4679

Vulnrichment

Updated: 2024-08-01T20:47:41.391Z

NVD

Status : Awaiting Analysis

Published: 2024-07-02T02:15:02.547

Modified: 2024-11-21T09:43:21.887

Link: CVE-2024-4679

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4679", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "state": "PUBLISHED", "assignerShortName": "Hitachi", "dateReserved": "2024-05-09T05:32:33.169Z", "datePublished": "2024-07-02T01:51:01.295Z", "dateUpdated": "2024-08-01T20:47:41.391Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "JP1/Extensible SNMP Agent for Windows", "vendor": "Hitachi", "versions": [{"changes": [{"at": "12-00-01", "status": "unaffected"}], "lessThan": "12-00-01", "status": "affected", "version": "12-00", "versionType": "custom"}, {"lessThanOrEqual": "11-00-*", "status": "affected", "version": "11-00", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "JP1/Extensible SNMP Agent", "vendor": "Hitachi", "versions": [{"lessThanOrEqual": "10-10-01", "status": "affected", "version": "10-10", "versionType": "custom"}, {"lessThanOrEqual": "10-00-02", "status": "affected", "version": "10-00", "versionType": "custom"}, {"lessThanOrEqual": "09-00-04", "status": "affected", "version": "09-00", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Job Management Partner1/Extensible SNMP Agent", "vendor": "Hitachi", "versions": [{"lessThanOrEqual": "10-10-01", "status": "affected", "version": "10-10", "versionType": "custom"}, {"lessThanOrEqual": "10-00-02", "status": "affected", "version": "10-00", "versionType": "custom"}, {"lessThanOrEqual": "09-00-04", "status": "affected", "version": "09-00", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Shun Suzaki"}, {"lang": "en", "type": "finder", "value": "Yutaka Kokubu"}, {"lang": "en", "type": "finder", "value": "Kazuki Hirota"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.<p>This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.</p>"}], "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-07-02T01:51:01.295Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html"}], "source": {"advisory": "hitachi-sec-2024-127", "discovery": "EXTERNAL"}, "title": "Folder Permission Vulnerability in JP1/Extensible SNMP Agent", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "hitachi", "product": "jp1\\/extensible_snmp_agent", "cpes": ["cpe:2.3:a:hitachi:jp1\\/extensible_snmp_agent:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10-10", "status": "affected", "lessThanOrEqual": "10-10-01", "versionType": "custom"}, {"version": "10-00", "status": "affected", "lessThanOrEqual": "10-00-02", "versionType": "custom"}, {"version": "9-00", "status": "affected", "lessThanOrEqual": "9-00-04", "versionType": "custom"}]}, {"vendor": "hitachi", "product": "job_management_partner1\\/extensible_snmp_agent", "cpes": ["cpe:2.3:a:hitachi:job_management_partner1\\/extensible_snmp_agent:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10-10", "status": "affected", "lessThanOrEqual": "10-10-01", "versionType": "custom"}, {"version": "10-00", "status": "affected", "lessThanOrEqual": "10-00-02", "versionType": "custom"}, {"version": "9-00", "status": "affected", "lessThanOrEqual": "9-00-04", "versionType": "custom"}]}, {"vendor": "hitachi", "product": "jp1/extensible_snmp_agent", "cpes": ["cpe:2.3:a:hitachi:jp1\\/extensible_snmp_agent:*:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "12-00", "status": "affected", "lessThan": "12-00-01", "versionType": "custom"}, {"version": "11-00", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T19:38:53.028845Z", "id": "CVE-2024-4679", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-17T15:31:54.398Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:47:41.391Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:47:41.391Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4679", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-02T19:38:53.028845Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hitachi:jp1\\/extensible_snmp_agent:*:*:*:*:*:*:*:*"], "vendor": "hitachi", "product": "jp1\\/extensible_snmp_agent", "versions": [{"status": "affected", "version": "10-10", "versionType": "custom", "lessThanOrEqual": "10-10-01"}, {"status": "affected", "version": "10-00", "versionType": "custom", "lessThanOrEqual": "10-00-02"}, {"status": "affected", "version": "9-00", "versionType": "custom", "lessThanOrEqual": "9-00-04"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:hitachi:job_management_partner1\\/extensible_snmp_agent:*:*:*:*:*:*:*:*"], "vendor": "hitachi", "product": "job_management_partner1\\/extensible_snmp_agent", "versions": [{"status": "affected", "version": "10-10", "versionType": "custom", "lessThanOrEqual": "10-10-01"}, {"status": "affected", "version": "10-00", "versionType": "custom", "lessThanOrEqual": "10-00-02"}, {"status": "affected", "version": "9-00", "versionType": "custom", "lessThanOrEqual": "9-00-04"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:hitachi:jp1\\/extensible_snmp_agent:*:*:*:*:*:windows:*:*"], "vendor": "hitachi", "product": "jp1/extensible_snmp_agent", "versions": [{"status": "affected", "version": "12-00", "lessThan": "12-00-01", "versionType": "custom"}, {"status": "affected", "version": "11-00"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-03T18:16:44.953Z"}}], "cna": {"title": "Folder Permission Vulnerability in JP1/Extensible SNMP Agent", "source": {"advisory": "hitachi-sec-2024-127", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Shun Suzaki"}, {"lang": "en", "type": "finder", "value": "Yutaka Kokubu"}, {"lang": "en", "type": "finder", "value": "Kazuki Hirota"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Hitachi", "product": "JP1/Extensible SNMP Agent for Windows", "versions": [{"status": "affected", "changes": [{"at": "12-00-01", "status": "unaffected"}], "version": "12-00", "lessThan": "12-00-01", "versionType": "custom"}, {"status": "affected", "version": "11-00", "versionType": "custom", "lessThanOrEqual": "11-00-*"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Hitachi", "product": "JP1/Extensible SNMP Agent", "versions": [{"status": "affected", "version": "10-10", "versionType": "custom", "lessThanOrEqual": "10-10-01"}, {"status": "affected", "version": "10-00", "versionType": "custom", "lessThanOrEqual": "10-00-02"}, {"status": "affected", "version": "09-00", "versionType": "custom", "lessThanOrEqual": "09-00-04"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}, {"vendor": "Hitachi", "product": "Job Management Partner1/Extensible SNMP Agent", "versions": [{"status": "affected", "version": "10-10", "versionType": "custom", "lessThanOrEqual": "10-10-01"}, {"status": "affected", "version": "10-00", "versionType": "custom", "lessThanOrEqual": "10-00-02"}, {"status": "affected", "version": "09-00", "versionType": "custom", "lessThanOrEqual": "09-00-04"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.<p>This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "shortName": "Hitachi", "dateUpdated": "2024-07-02T01:51:01.295Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4679", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:47:41.391Z", "dateReserved": "2024-05-09T05:32:33.169Z", "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82", "datePublished": "2024-07-02T01:51:01.295Z", "assignerShortName": "Hitachi"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04."}, {"lang": "es", "value": "Vulnerabilidad de permisos predeterminados incorrectos en Hitachi JP1/Agente SNMP extensible para Windows, Hitachi JP1/Agente SNMP extensible en Windows, Hitachi Job Management Partner1/Agente SNMP extensible en Windows permite la manipulaci\u00f3n de archivos. Este problema afecta a JP1/Agente SNMP extensible para Windows: desde 12 -00 antes del 12-00-01, de 11-00 a 11-00-*; JP1/Agente SNMP extensible: del 10-10 al 10-10-01, del 10-00 al 10-00-02, del 09-00 al 09-00-04; Socio de gesti\u00f3n de trabajos1/Agente SNMP extensible: del 10-10 al 10-10-01, del 10-00 al 10-00-02, del 09-00 al 09-00-04."}], "id": "CVE-2024-4679", "lastModified": "2024-11-21T09:43:21.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-07-02T02:15:02.547", "references": [{"source": "[email protected]", "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "[email protected]", "type": "Secondary"}]}