ID

VAR-201210-0531


CVE

CVE-2011-5217


TITLE

Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability

Trust: 2.1

sources: CNVD: CNVD-2011-5347 // BID: 51079 // CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618

DESCRIPTION

Directory traversal vulnerability in the PXE Mtftp service in Hitachi JP1/ServerConductor/DeploymentManager before 08-55 Japanese and before 08-51 English allows remote attackers to read arbitrary files via unknown vectors. A security vulnerability exists in Hitachi JP1/ServerConductor/DeploymentManager that allows malicious users to obtain sensitive information. The DeploymentManager PXE Mtftp service has an input validation error. Hitachi JP1/ServerConductor/DeploymentManager is prone to a directory-traversal vulnerability. Other attacks may also be possible.

TITLE: Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability
SECUNIA ADVISORY ID: SA47221
VERIFY ADVISORY: http://secunia.com/advisories/47221/
RELEASE DATE: 2011-12-15
DESCRIPTION: A vulnerability has been reported in Hitachi JP1/ServerConductor/DeploymentManager, which can be exploited by malicious people to disclose sensitive information.
SOLUTION: Please see the vendor's advisory for fix information.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: Hitachi (HS11-026): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html

Trust: 2.52

sources: NVD: CVE-2011-5217 // JVNDB: JVNDB-2011-005186 // CNVD: CNVD-2011-5347 // BID: 51079 // PACKETSTORM: 107908

IOT TAXONOMY

category: ['ICS', 'Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-5347

AFFECTED PRODUCTS

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: eq | version: 07-56

Trust: 1.6

vendor: hitachi | model: serverconductor/deploymentmanager | scope: eq | version: 06-00

Trust: 1.6

vendor: hitachi | model: serverconductor/deploymentmanager | scope: eq | version: 01-01

Trust: 1.6

vendor: hitachi | model: serverconductor/deploymentmanager | scope: eq | version: 01-00

Trust: 1.6

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: eq | version: 08-00

Trust: 1.6

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: eq | version: 07-56-/g(*2)

Trust: 1.6

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: eq | version: 08-06

Trust: 1.6

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: lte | version: 08-50-/b

Trust: 1.0

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: eq | version: 07-52

Trust: 1.0

vendor: hitachi | model: serverconductor/deploymentmanager | scope: lte | version: 06-00-/a

Trust: 1.0

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: lte | version: 08-07

Trust: 1.0

vendor: hitachi | model: jp1/serverconductor/deployment manager | scope: lt | version: enterprise edition 08-51 ( english edition )

Trust: 0.8

vendor: hitachi | model: jp1/serverconductor/deployment manager | scope: lt | version: enterprise edition 08-55 ( japanese version )

Trust: 0.8

vendor: hitachi | model: jp1/serverconductor/deployment manager | scope: lt | version: standard edition 08-51 ( english edition )

Trust: 0.8

vendor: hitachi | model: jp1/serverconductor/deployment manager | scope: lt | version: standard edition 08-55 ( japanese version )

Trust: 0.8

vendor: hitachi | model: serverconductor/deployment manager | scope: eq | version: 01-00 ( japanese version )

Trust: 0.8

vendor: hitachi | model: serverconductor/deployment manager | scope: eq | version: 01-01 ( japanese version )

Trust: 0.8

vendor: hitachi | model: serverconductor/deployment manager | scope: eq | version: 06-00 to 06-00-/a ( japanese version )

Trust: 0.8

vendor: hitachi | model: jp1/serverconductor/deployment manager | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: serverconductor/deploymentmanager | scope: eq | version: 06-00-/a

Trust: 0.6

vendor: hitachi | model: jp1/serverconductor/deploymentmanager | scope: eq | version: 08-50-/b

Trust: 0.6

vendor: hitachi | model: serverconductor deployment manager | scope: eq | version: /(*1)06-00

Trust: 0.3

vendor: hitachi | model: serverconductor deployment manager | scope: eq | version: /(*1)01-01

Trust: 0.3

vendor: hitachi | model: serverconductor deployment manager | scope: eq | version: /(*1)01-00

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 08-50

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 08-00

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-56

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-55

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-54

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-53

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-52

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-51

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: eq | version: 07-50

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: eq | version: 08-50

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: eq | version: 08-07

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: eq | version: 08-06

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: eq | version: 08-00

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: eq | version: 07-56

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: eq | version: 07-52

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: ne | version: 08-55(*3)

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager standard edition | scope: ne | version: 08-51(*3)

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: ne | version: 08-55(*3)

Trust: 0.3

vendor: hitachi | model: jp1/serverconductor/deployment manager enterprise edition | scope: ne | version: 08-51(*3)

Trust: 0.3

sources: CNVD: CNVD-2011-5347 // BID: 51079 // JVNDB: JVNDB-2011-005186 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-5217
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-5217
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201210-618
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-5217
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-005186 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2011-005186 // NVD: CVE-2011-5217

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201210-618

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-005186

PATCH

title: HS11-026 | url: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-026/index.html

Trust: 0.8

title: HS11-026 | url: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html

Trust: 0.8

title: Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/6371

Trust: 0.6

sources: CNVD: CNVD-2011-5347 // JVNDB: JVNDB-2011-005186

EXTERNAL IDS

db: NVD | id: CVE-2011-5217

Trust: 2.7

db: SECUNIA | id: 47221

Trust: 2.4

db: HITACHI | id: HS11-026

Trust: 2.0

db: OSVDB | id: 77739

Trust: 1.6

db: SECTRACK | id: 1026427

Trust: 1.6

db: BID | id: 51079

Trust: 1.5

db: JVN | id: JVN05255562

Trust: 0.8

db: JVNDB | id: JVNDB-2011-005186

Trust: 0.8

db: CNVD | id: CNVD-2011-5347

Trust: 0.6

db: CNNVD | id: CNNVD-201112-282

Trust: 0.6

db: XF | id: 71832

Trust: 0.6

db: XF | id: 1

Trust: 0.6

db: CNNVD | id: CNNVD-201210-618

Trust: 0.6

db: PACKETSTORM | id: 107908

Trust: 0.1

sources: CNVD: CNVD-2011-5347 // BID: 51079 // JVNDB: JVNDB-2011-005186 // PACKETSTORM: 107908 // CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

REFERENCES

url:http://www.securitytracker.com/id?1026427

Trust: 1.6

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-026/index.html

Trust: 1.6

url:http://secunia.com/advisories/47221

Trust: 1.6

url:http://osvdb.org/77739

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71832

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5217

Trust: 0.8

url:http://jvn.jp/jp/jvn05255562

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5217

Trust: 0.8

url:http://secunia.com/advisories/47221/

Trust: 0.7

url:http://www.securityfocus.com/bid/51079

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/71832

Trust: 0.6

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-026/index.html

Trust: 0.4

url:http://www.hitachi.com/index.html

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/47221/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47221

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-5347 // BID: 51079 // JVNDB: JVNDB-2011-005186 // PACKETSTORM: 107908 // CNNVD: CNNVD-201112-282 // CNNVD: CNNVD-201210-618 // NVD: CVE-2011-5217

CREDITS

The vendor

Trust: 0.3

sources: BID: 51079

SOURCES

db: CNVD | id: CNVD-2011-5347
db: BID | id: 51079
db: JVNDB | id: JVNDB-2011-005186
db: PACKETSTORM | id: 107908
db: CNNVD | id: CNNVD-201112-282
db: CNNVD | id: CNNVD-201210-618
db: NVD | id: CVE-2011-5217

LAST UPDATE DATE

2024-08-14T12:23:48.056000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2011-5347 | date: 2011-12-22T00:00:00
db: BID | id: 51079 | date: 2012-10-29T10:30:00
db: JVNDB | id: JVNDB-2011-005186 | date: 2012-10-29T00:00:00
db: CNNVD | id: CNNVD-201112-282 | date: 2011-12-19T00:00:00
db: CNNVD | id: CNNVD-201210-618 | date: 2012-10-29T00:00:00
db: NVD | id: CVE-2011-5217 | date: 2017-08-29T01:30:44.927

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2011-5347 | date: 2011-12-22T00:00:00
db: BID | id: 51079 | date: 2011-12-15T00:00:00
db: JVNDB | id: JVNDB-2011-005186 | date: 2012-10-29T00:00:00
db: PACKETSTORM | id: 107908 | date: 2011-12-15T02:31:54
db: CNNVD | id: CNNVD-201112-282 | date: 1900-01-01T00:00:00
db: CNNVD | id: CNNVD-201210-618 | date: 2012-10-26T00:00:00
db: NVD | id: CVE-2011-5217 | date: 2012-10-25T17:55:03.717