CVE-2021-20740

Published: Jun 28, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

Affected (8)

Products: Hitachi: Virtual File Platform · Nec: Nas Gateway Nh4a Firmware, Nas Gateway Nh8a Firmware, Nas Gateway Nh4b Firmware, Nas Gateway Nh8b Firmware, Nas Gateway Nh4c Firmware, Nas Gateway Nh8c Firmware

Hitachi

1 product

Virtual File Platform

Nec

6 products

Nas Gateway Nh4a Firmware

Nas Gateway Nh8a Firmware

Nas Gateway Nh4b Firmware

Nas Gateway Nh8b Firmware

Nas Gateway Nh4c Firmware

Nas Gateway Nh8c Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hitachi Virtual File Platform	Before 6.4.3-09

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Hitachi Virtual File Platform	Before 5.5.3-09

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Nas Gateway Nh4a Firmware	Before fos_5.5.3-08\(nec2.5.4a\)

Running on/with	Platform Versions
Nec Nas Gateway Nh4a	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Nas Gateway Nh8a Firmware	Before fos_5.5.3-08\(nec2.5.4a\)

Running on/with	Platform Versions
Nec Nas Gateway Nh8a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Nas Gateway Nh4b Firmware	Before fos_6.4.3-08\(nec3.4.2\)

Running on/with	Platform Versions
Nec Nas Gateway Nh4b	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Nas Gateway Nh8b Firmware	Before fos_6.4.3-08\(nec3.4.2\)

Running on/with	Platform Versions
Nec Nas Gateway Nh8b	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Nas Gateway Nh4c Firmware	Before fos_6.4.3-08\(nec3.4.2\)

Running on/with	Platform Versions
Nec Nas Gateway Nh4c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nec Nas Gateway Nh8c Firmware	Before fos_6.4.3-08\(nec3.4.2\)

Running on/with	Platform Versions
Nec Nas Gateway Nh8c	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

https://jpn.nec.com/security-info/secinfo/nv21-011.html

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN21298724/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jpn.nec.com/security-info/secinfo/nv21-011.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/jp/JVN21298724/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.