CVE-2024-4679

EUVD-2024-44280

02.07.2024, 02:15

Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00 before 12-00-01, from 11-00 through 11-00-*; JP1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04; Job Management Partner1/Extensible SNMP Agent: from 10-10 through 10-10-01, from 10-00 through 10-00-02, from 09-00 through 09-00-04.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
hitachi	jp1\/extensible_snmp_agent	10-10 ≤ 𝑥 ≤ 10-10-01	ADP
hitachi	jp1\/extensible_snmp_agent	10-00 ≤ 𝑥 ≤ 10-00-02	ADP
hitachi	jp1\/extensible_snmp_agent	9-00 ≤ 𝑥 ≤ 9-00-04	ADP
hitachi	job_management_partner1\/extensible_snmp_agent	10-10 ≤ 𝑥 ≤ 10-10-01	ADP
hitachi	job_management_partner1\/extensible_snmp_agent	10-00 ≤ 𝑥 ≤ 10-00-02	ADP
hitachi	job_management_partner1\/extensible_snmp_agent	9-00 ≤ 𝑥 ≤ 9-00-04	ADP
hitachi	jp1\/extensible_snmp_agent	12-00 ≤ 𝑥 < 12-00-01	ADP

Common Weakness Enumeration

CWE-276 - Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References

https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-127/index.html