[Japanese]

JVNDB-2010-001147

JP1/Cm2/Network Node Manager Remote Console Insecure File Permissions Vulnerability

Overview

Computer systems running the JP1/Cm2/Network Node Manager (NNM) Remote Console for Windows are vulnerable due to insecure file permissions set on the systems.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.6 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Hitachi, Ltd
  • JP1/Cm2/Network Node Manager
  • JP1/Cm2/Network Node Manager Enterprise
  • JP1/Cm2/Network Node Manager 250
  • JP1/Cm2/Network Node Manager Starter Edition Enterprise
  • JP1/Cm2/Network Node Manager Starter Edition 250

Impact

A local attacker could replace the affected files provided by the NNM Remote Console with arbitrary files.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS10-002
CWE (What is CWE?)

  1. Permissions(CWE-264) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/3/15]
      Web page published

Date Public2010/02/26
Date First Published2010/03/15
Date Last Updated2010/03/15