Details of VAR-201307-0480

ID

VAR-201307-0480

CVE

CVE-2013-4697

TITLE

JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation

Trust: 0.8

sources: JVNDB: JVNDB-2013-000076

DESCRIPTION

Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05, 10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job Management Partner 1/IT Desktop Management - Manager 09-50 through 09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through 02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow remote authenticated users to gain privileges via unknown vectors. Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Users without administrative privileges may obtain administrative privileges. Multiple Hitachi products have security holes that allow local attackers to use the holes to elevate privileges. No detailed vulnerability details are provided at this time. A local attacker may leverage these issues to escalate privileges. This may lead to other attacks

Trust: 2.43

sources: NVD: CVE-2013-4697 // JVNDB: JVNDB-2013-000076 // CNVD: CNVD-2013-11031 // BID: 61459

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-11031

AFFECTED PRODUCTS

vendor:	hitachi	model:	it operations director	scope:	eq	version:	03-00-08	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	03-00-07	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	03-00-04	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	03-00	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	02-50-07	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	02-50-06	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	02-50-01	Trust: 1.9
vendor:	hitachi	model:	it operations director	scope:	eq	version:	03-00-12	Trust: 1.6
vendor:	hitachi	model:	it operations director	scope:	eq	version:	04-00-01	Trust: 1.6
vendor:	hitachi	model:	it operations director	scope:	eq	version:	04-00	Trust: 1.6
vendor:	hitachi	model:	it operations director	scope:	-	version:	-	Trust: 1.4
vendor:	hitachi	model:	it operations director	scope:	eq	version:	02-50	Trust: 1.0
vendor:	hitachi	model:	jp1\/it desktop management-manager	scope:	eq	version:	10-00	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/it desktop management-manager	scope:	eq	version:	09-50	Trust: 1.0
vendor:	hitachi	model:	jp1\/it desktop management-manager	scope:	eq	version:	09-51	Trust: 1.0
vendor:	hitachi	model:	jp1\/it desktop management-manager	scope:	eq	version:	10-01	Trust: 1.0
vendor:	hitachi	model:	jp1\/it desktop management-manager	scope:	eq	version:	09-51-05	Trust: 1.0
vendor:	hitachi	model:	jp1\/it desktop management-manager	scope:	eq	version:	10-00-02	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/it desktop management-manager	scope:	eq	version:	10-01	Trust: 1.0
vendor:	hitachi	model:	job management partner 1\/it desktop management-manager	scope:	eq	version:	09-50-03	Trust: 1.0
vendor:	hitachi	model:	jp1\/it desktop management-manager	scope:	eq	version:	10-01-02	Trust: 1.0
vendor:	hitachi	model:	job management partner 1/it desktop management - manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	jp1/it desktop management - manager	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	job management partner 1/it desktop management manager	scope:	eq	version:	-	Trust: 0.6
vendor:	hitachi	model:	jp1/it desktop management	scope:	-	version:	-	Trust: 0.6
vendor:	hitachi	model:	it operations director	scope:	eq	version:	03-00-06	Trust: 0.3

sources: CNVD: CNVD-2013-11031 // BID: 61459 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4697
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2013-000076
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-11031
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201307-665
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2013-4697
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2013-000076
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2013-11031
severity:	LOW
baseScore:	3.2
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-11031 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2013-000076 // NVD: CVE-2013-4697

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-665

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201307-665

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-000076

PATCH

title:	HS13-017	url:	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-017/index.html	Trust: 0.8
title:	Patch for Unknown Local Privilege Escalation Vulnerability in Hitachi Multiple Products	url:	https://www.cnvd.org.cn/patchInfo/show/36558	Trust: 0.6

sources: CNVD: CNVD-2013-11031 // JVNDB: JVNDB-2013-000076

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4697	Trust: 3.3
db:	JVN	id:	JVN00065218	Trust: 2.4
db:	JVNDB	id:	JVNDB-2013-000076	Trust: 2.4
db:	HITACHI	id:	HS13-017	Trust: 2.2
db:	BID	id:	61459	Trust: 0.9
db:	SECUNIA	id:	54231	Trust: 0.6
db:	CNVD	id:	CNVD-2013-11031	Trust: 0.6
db:	JVN	id:	JVN#00065218	Trust: 0.6
db:	CNNVD	id:	CNNVD-201307-665	Trust: 0.6

sources: CNVD: CNVD-2013-11031 // BID: 61459 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

REFERENCES

url:	http://jvn.jp/en/jp/jvn00065218/index.html	Trust: 2.4
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs13-017/index.html	Trust: 2.2
url:	http://jvndb.jvn.jp/jvndb/jvndb-2013-000076	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4697	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4697	Trust: 0.8
url:	http://www.secunia.com/advisories/54231/	Trust: 0.6
url:	http://www.hitachi.com	Trust: 0.3

sources: CNVD: CNVD-2013-11031 // BID: 61459 // JVNDB: JVNDB-2013-000076 // CNNVD: CNNVD-201307-665 // NVD: CVE-2013-4697

CREDITS

Taizo Tsukamoto of GLOBAL SECURITY EXPERTS Inc.

Trust: 0.3

sources: BID: 61459

SOURCES

db:	CNVD	id:	CNVD-2013-11031
db:	BID	id:	61459
db:	JVNDB	id:	JVNDB-2013-000076
db:	CNNVD	id:	CNNVD-201307-665
db:	NVD	id:	CVE-2013-4697

LAST UPDATE DATE

2024-08-14T15:44:54.512000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-11031	date:	2013-08-01T00:00:00
db:	BID	id:	61459	date:	2013-08-01T18:27:00
db:	JVNDB	id:	JVNDB-2013-000076	date:	2013-08-02T00:00:00
db:	CNNVD	id:	CNNVD-201307-665	date:	2013-08-09T00:00:00
db:	NVD	id:	CVE-2013-4697	date:	2013-07-31T13:20:19.103

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-11031	date:	2013-08-01T00:00:00
db:	BID	id:	61459	date:	2013-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2013-000076	date:	2013-07-29T00:00:00
db:	CNNVD	id:	CNNVD-201307-665	date:	2013-07-31T00:00:00
db:	NVD	id:	CVE-2013-4697	date:	2013-07-31T13:20:19.103