Incorrect Default Permissions vulnerability affects Hitachi JP1/Extensible SNMP Agent for Windows
CVE-2024-4679

7.8HIGH

Key Information:

Vendor

Hitachi
Status
Jp1/extensible Snmp Agent For Windows
Jp1/extensible Snmp Agent
Job Management Partner1/extensible Snmp Agent
Vendor
CVE Published:
2 July 2024

What is CVE-2024-4679?

The vulnerability in Hitachi's JP1/Extensible SNMP Agent for Windows allows unauthorized file manipulation due to incorrect default permissions. This issue affects a range of versions of the JP1/Extensible SNMP Agent as well as the Job Management Partner1/Extensible SNMP Agent on Windows. Users are advised to update their systems and review security configurations to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Job Management Partner1/Extensible SNMP Agent Windows 10-10 <= 10-10-01

Job Management Partner1/Extensible SNMP Agent Windows 10-00 <= 10-00-02

Job Management Partner1/Extensible SNMP Agent Windows 09-00 <= 09-00-04

References

https://www.hitachi.com/products/it/software/security/inf...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Shun Suzaki
Yutaka Kokubu
Kazuki Hirota
.
CVE-2024-4679 : Incorrect Default Permissions vulnerability affects Hitachi JP1/Extensible SNMP Agent for Windows