ID

VAR-201307-0480


CVE

CVE-2013-4697


TITLE

JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation

Trust: 0.8

sources: JVNDB: JVNDB-2013-000076

DESCRIPTION

Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Users without administrative privileges may obtain administrative privileges. Multiple Hitachi products have security holes that allow local attackers to use the holes to elevate privileges. No detailed vulnerability details are provided at this time. A local attacker may leverage these issues to escalate privileges. This may lead to other attacks

Trust: 2.43

sources: NVD: CVE-2013-4697 // JVNDB: JVNDB-2013-000076 // CNVD: CNVD-2013-11031 // BID: 61459

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-11031

AFFECTED PRODUCTS

vendor:hitachimodel:it operations directorscope:eqversion:03-00-08

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:03-00-07

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:03-00-04

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:03-00

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:02-50-07

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:02-50-06

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:02-50-01

Trust: 1.9

vendor:hitachimodel:it operations directorscope:eqversion:03-00-12

Trust: 1.6

vendor:hitachimodel:it operations directorscope:eqversion:04-00-01

Trust: 1.6

vendor:hitachimodel:it operations directorscope:eqversion:04-00

Trust: 1.6

vendor:hitachimodel:it operations directorscope: - version: -

Trust: 1.4

vendor:hitachimodel:it operations directorscope:eqversion:02-50

Trust: 1.0

vendor:hitachimodel:jp1\/it desktop management-managerscope:eqversion:10-00

Trust: 1.0

vendor:hitachimodel:job management partner 1\/it desktop management-managerscope:eqversion:09-50

Trust: 1.0

vendor:hitachimodel:jp1\/it desktop management-managerscope:eqversion:09-51

Trust: 1.0

vendor:hitachimodel:jp1\/it desktop management-managerscope:eqversion:10-01

Trust: 1.0

vendor:hitachimodel:jp1\/it desktop management-managerscope:eqversion:09-51-05

Trust: 1.0

vendor:hitachimodel:jp1\/it desktop management-managerscope:eqversion:10-00-02

Trust: 1.0

vendor:hitachimodel:job management partner 1\/it desktop management-managerscope:eqversion:10-01

Trust: 1.0

vendor:hitachimodel:job management partner 1\/it desktop management-managerscope:eqversion:09-50-03

Trust: 1.0

vendor:hitachimodel:jp1\/it desktop management-managerscope:eqversion:10-01-02

Trust: 1.0

vendor:hitachimodel:job management partner 1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/it desktop management - managerscope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/it desktop management managerscope:eqversion: -

Trust: 0.6

vendor:hitachimodel:jp1/it desktop managementscope: - version: -

Trust: 0.6

vendor:hitachimodel:it operations directorscope:eqversion:03-00-06

Trust: 0.3

sources: CNVD: CNVD-2013-11031 // BID: 61459 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4697
value: HIGH

Trust: 1.0

IPA: JVNDB-2013-000076
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-11031
value: LOW

Trust: 0.6

CNNVD: CNNVD-201307-665
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2013-4697
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-000076
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-11031
severity: LOW
baseScore: 3.2
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-11031 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2013-000076 // NVD: CVE-2013-4697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-665

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201307-665

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000076

PATCH

title:HS13-017url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-017/index.html

Trust: 0.8

title:Patch for Unknown Local Privilege Escalation Vulnerability in Hitachi Multiple Productsurl:https://www.cnvd.org.cn/patchInfo/show/36558

Trust: 0.6

sources: CNVD: CNVD-2013-11031 // JVNDB: JVNDB-2013-000076

EXTERNAL IDS

db:NVDid:CVE-2013-4697

Trust: 3.3

db:JVNid:JVN00065218

Trust: 2.4

db:JVNDBid:JVNDB-2013-000076

Trust: 2.4

db:HITACHIid:HS13-017

Trust: 2.2

db:BIDid:61459

Trust: 0.9

db:SECUNIAid:54231

Trust: 0.6

db:CNVDid:CNVD-2013-11031

Trust: 0.6

db:JVNid:JVN#00065218

Trust: 0.6

db:CNNVDid:CNNVD-201307-665

Trust: 0.6

sources: CNVD: CNVD-2013-11031 // BID: 61459 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

REFERENCES

url:http://jvn.jp/en/jp/jvn00065218/index.html

Trust: 2.4

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-017/index.html

Trust: 2.2

url:http://jvndb.jvn.jp/jvndb/jvndb-2013-000076

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4697

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4697

Trust: 0.8

url:http://www.secunia.com/advisories/54231/

Trust: 0.6

url:http://www.hitachi.com

Trust: 0.3

sources: CNVD: CNVD-2013-11031 // BID: 61459 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

CREDITS

Taizo Tsukamoto of GLOBAL SECURITY EXPERTS Inc.

Trust: 0.3

sources: BID: 61459

SOURCES

db:CNVDid:CNVD-2013-11031
db:BIDid:61459
db:JVNDBid:JVNDB-2013-000076
db:CNNVDid:CNNVD-201307-665
db:NVDid:CVE-2013-4697

LAST UPDATE DATE

2024-08-14T15:44:54.512000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-11031date:2013-08-01T00:00:00
db:BIDid:61459date:2013-08-01T18:27:00
db:JVNDBid:JVNDB-2013-000076date:2013-08-02T00:00:00
db:CNNVDid:CNNVD-201307-665date:2013-08-09T00:00:00
db:NVDid:CVE-2013-4697date:2013-07-31T13:20:19.103

SOURCES RELEASE DATE

db:CNVDid:CNVD-2013-11031date:2013-08-01T00:00:00
db:BIDid:61459date:2013-07-26T00:00:00
db:JVNDBid:JVNDB-2013-000076date:2013-07-29T00:00:00
db:CNNVDid:CNNVD-201307-665date:2013-07-31T00:00:00
db:NVDid:CVE-2013-4697date:2013-07-31T13:20:19.103