Vulnerability Details CVE-2021-20740
Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
- https://jpn.nec.com/security-info/secinfo/nv21-011.html
- https://jvn.jp/en/jp/JVN21298724/index.html
- https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html
- https://jpn.nec.com/security-info/secinfo/nv21-011.html
- https://jvn.jp/en/jp/JVN21298724/index.html
- https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html
Products affected by CVE-2021-20740
-
cpe:2.3:a:hitachi:virtual_file_platform:-
-
cpe:2.3:a:hitachi:virtual_file_platform:5.5.3-09
-
cpe:2.3:h:nec:nas_gateway_nh4a:-
-
cpe:2.3:h:nec:nas_gateway_nh4b:-
-
cpe:2.3:h:nec:nas_gateway_nh4c:-
-
cpe:2.3:h:nec:nas_gateway_nh8a:-
-
cpe:2.3:h:nec:nas_gateway_nh8b:-
-
cpe:2.3:h:nec:nas_gateway_nh8c:-
-
cpe:2.3:o:nec:nas_gateway_nh4a_firmware:-
-
cpe:2.3:o:nec:nas_gateway_nh4b_firmware:-
-
cpe:2.3:o:nec:nas_gateway_nh4c_firmware:-
-
cpe:2.3:o:nec:nas_gateway_nh8a_firmware:-
-
cpe:2.3:o:nec:nas_gateway_nh8b_firmware:-
-
cpe:2.3:o:nec:nas_gateway_nh8c_firmware:-