PT-2021-14196 · Nec+1 · Nec Storage M Series Nas Gateway+1
Hiroki Matsukuma
·
Published
2021-06-28
·
Updated
2021-07-06
·
CVE-2021-20740
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Hitachi Virtual File Platform versions prior to 5.5.3-09
Hitachi Virtual File Platform versions prior to 6.4.3-09
NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a)
NEC Storage M Series NAS Gateway Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2)
Description:
Remote authenticated attackers can execute arbitrary OS commands with root privileges via unspecified vectors.
Recommendations:
For Hitachi Virtual File Platform versions prior to 5.5.3-09, update to version 5.5.3-09 or later.
For Hitachi Virtual File Platform versions prior to 6.4.3-09, update to version 6.4.3-09 or later.
For NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a), update to FOS 5.5.3-08(NEC2.5.4a) or later.
For NEC Storage M Series NAS Gateway Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2), update to FOS 6.4.3-08(NEC3.4.2) or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hitachi Virtual File Platform
Nec Storage M Series Nas Gateway