Details of VAR-201210-0531

ID

VAR-201210-0531

CVE

CVE-2011-5217

TITLE

Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability

Trust: 2.1

sources: CNVD: CNVD-2011-5347 // BID: 51079 // CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618

DESCRIPTION

Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. A security vulnerability exists in Hitachi JP1/ServerConductor/DeploymentManager that allows malicious users to obtain sensitive information. The DeploymentManager PXE Mtftp service has an input validation error. Hitachi JP1/ServerConductor/DeploymentManager is prone to a directory-traversal vulnerability. Other attacks may also be possible. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA47221 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47221/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47221 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47221/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47221/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47221 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/ServerConductor/DeploymentManager, which can be exploited by malicious people to disclose sensitive information. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (HS11-026): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2011-5217 // JVNDB: JVNDB-2011-005186 // CNVD: CNVD-2011-5347 // BID: 51079 // PACKETSTORM: 107908

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-5347

AFFECTED PRODUCTS

vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	eq	version:	07-56	Trust: 1.6
vendor:	hitachi	model:	serverconductor\/deploymentmanager	scope:	eq	version:	06-00	Trust: 1.6
vendor:	hitachi	model:	serverconductor\/deploymentmanager	scope:	eq	version:	01-01	Trust: 1.6
vendor:	hitachi	model:	serverconductor\/deploymentmanager	scope:	eq	version:	01-00	Trust: 1.6
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	eq	version:	08-00	Trust: 1.6
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	eq	version:	07-56-\/g\(\*2\)	Trust: 1.6
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	eq	version:	08-06	Trust: 1.6
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	lte	version:	08-50-\/b	Trust: 1.0
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	eq	version:	07-52	Trust: 1.0
vendor:	hitachi	model:	serverconductor\/deploymentmanager	scope:	lte	version:	06-00-\/a	Trust: 1.0
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	lte	version:	08-07	Trust: 1.0
vendor:	hitachi	model:	jp1/serverconductor/deployment manager	scope:	lt	version:	enterprise edition 08-51 ( english edition )	Trust: 0.8
vendor:	hitachi	model:	jp1/serverconductor/deployment manager	scope:	lt	version:	enterprise edition 08-55 ( japanese version )	Trust: 0.8
vendor:	hitachi	model:	jp1/serverconductor/deployment manager	scope:	lt	version:	standard edition 08-51 ( english edition )	Trust: 0.8
vendor:	hitachi	model:	jp1/serverconductor/deployment manager	scope:	lt	version:	standard edition 08-55 ( japanese version )	Trust: 0.8
vendor:	hitachi	model:	serverconductor/deployment manager	scope:	eq	version:	01-00 ( japanese version )	Trust: 0.8
vendor:	hitachi	model:	serverconductor/deployment manager	scope:	eq	version:	01-01 ( japanese version )	Trust: 0.8
vendor:	hitachi	model:	serverconductor/deployment manager	scope:	eq	version:	06-00 to 06-00-/a ( japanese version )	Trust: 0.8
vendor:	hitachi	model:	jp1/serverconductor/deployment manager	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	serverconductor\/deploymentmanager	scope:	eq	version:	06-00-\/a	Trust: 0.6
vendor:	hitachi	model:	jp1\/serverconductor\/deploymentmanager	scope:	eq	version:	08-50-\/b	Trust: 0.6
vendor:	hitachi	model:	serverconductor deployment manager	scope:	eq	version:	/(*1)06-00	Trust: 0.3
vendor:	hitachi	model:	serverconductor deployment manager	scope:	eq	version:	/(*1)01-01	Trust: 0.3
vendor:	hitachi	model:	serverconductor deployment manager	scope:	eq	version:	/(*1)01-00	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	08-50	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	08-00	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-56	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-55	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-54	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-53	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-52	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-51	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	eq	version:	07-50	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition	scope:	eq	version:	08-50	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition	scope:	eq	version:	08-07	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition	scope:	eq	version:	08-06	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition	scope:	eq	version:	08-00	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition	scope:	eq	version:	07-56	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition	scope:	eq	version:	07-52	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition 3)	scope:	ne	version:	08-55(*	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager standard edition	scope:	ne	version:	08-51(*3)	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition 3)	scope:	ne	version:	08-55(*	Trust: 0.3
vendor:	hitachi	model:	jp1/serverconductor/deployment manager enterprise edition 3)	scope:	ne	version:	08-51(*	Trust: 0.3

sources: CNVD: CNVD-2011-5347 // BID: 51079 // JVNDB: JVNDB-2011-005186 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-5217
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-5217
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201210-618
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2011-5217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2011-005186 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-005186 // NVD: CVE-2011-5217

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201210-618

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005186

PATCH

title:	HS11-026	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-026/index.html	Trust: 0.8
title:	HS11-026	url:	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html	Trust: 0.8
title:	Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/6371	Trust: 0.6

sources: CNVD: CNVD-2011-5347 // JVNDB: JVNDB-2011-005186

EXTERNAL IDS

db:	NVD	id:	CVE-2011-5217	Trust: 2.7
db:	SECUNIA	id:	47221	Trust: 2.4
db:	HITACHI	id:	HS11-026	Trust: 2.0
db:	OSVDB	id:	77739	Trust: 1.6
db:	SECTRACK	id:	1026427	Trust: 1.6
db:	BID	id:	51079	Trust: 1.5
db:	JVN	id:	JVN05255562	Trust: 0.8
db:	JVNDB	id:	JVNDB-2011-005186	Trust: 0.8
db:	CNVD	id:	CNVD-2011-5347	Trust: 0.6
db:	CNNVD	id:	CNNVD-201112-282	Trust: 0.6
db:	XF	id:	71832	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	CNNVD	id:	CNNVD-201210-618	Trust: 0.6
db:	PACKETSTORM	id:	107908	Trust: 0.1

sources: CNVD: CNVD-2011-5347 // BID: 51079 // JVNDB: JVNDB-2011-005186 // PACKETSTORM: 107908 // CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

REFERENCES

url:	http://www.securitytracker.com/id?1026427	Trust: 1.6
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-026/index.html	Trust: 1.6
url:	http://secunia.com/advisories/47221	Trust: 1.6
url:	http://osvdb.org/77739	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/71832	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5217	Trust: 0.8
url:	http://jvn.jp/jp/jvn05255562	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5217	Trust: 0.8
url:	http://secunia.com/advisories/47221/	Trust: 0.7
url:	http://www.securityfocus.com/bid/51079	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/71832	Trust: 0.6
url:	http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-026/index.html	Trust: 0.4
url:	http://www.hitachi.com/index.html	Trust: 0.3
url:	http://secunia.com/company/jobs/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/47221/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=47221	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2011-5347 // BID: 51079 // JVNDB: JVNDB-2011-005186 // PACKETSTORM: 107908 // CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

CREDITS

The vendor

Trust: 0.3

sources: BID: 51079

SOURCES

db:	CNVD	id:	CNVD-2011-5347
db:	BID	id:	51079
db:	JVNDB	id:	JVNDB-2011-005186
db:	PACKETSTORM	id:	107908
db:	CNNVD	id:	CNNVD-201112-282
db:	CNNVD	id:	CNNVD-201210-618
db:	NVD	id:	CVE-2011-5217

LAST UPDATE DATE

2024-08-14T12:23:48.056000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5347	date:	2011-12-22T00:00:00
db:	BID	id:	51079	date:	2012-10-29T10:30:00
db:	JVNDB	id:	JVNDB-2011-005186	date:	2012-10-29T00:00:00
db:	CNNVD	id:	CNNVD-201112-282	date:	2011-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201210-618	date:	2012-10-29T00:00:00
db:	NVD	id:	CVE-2011-5217	date:	2017-08-29T01:30:44.927

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-5347	date:	2011-12-22T00:00:00
db:	BID	id:	51079	date:	2011-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2011-005186	date:	2012-10-29T00:00:00
db:	PACKETSTORM	id:	107908	date:	2011-12-15T02:31:54
db:	CNNVD	id:	CNNVD-201112-282	date:	1900-01-01T00:00:00
db:	CNNVD	id:	CNNVD-201210-618	date:	2012-10-26T00:00:00
db:	NVD	id:	CVE-2011-5217	date:	2012-10-25T17:55:03.717