CVE-2021-20740

Summary

CVE	CVE-2021-20740
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-28 01:15:00 UTC
Updated	2021-07-06 14:32:00 UTC
Description	Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Hitachi	Virtual File Platform	All	All	All	All
Hardware	Nec	Nas Gateway Nh4a	-	All	All	All
Operating System	Nec	Nas Gateway Nh4a Firmware	All	All	All	All
Hardware	Nec	Nas Gateway Nh4b	-	All	All	All
Operating System	Nec	Nas Gateway Nh4b Firmware	All	All	All	All
Hardware	Nec	Nas Gateway Nh4c	-	All	All	All
Operating System	Nec	Nas Gateway Nh4c Firmware	All	All	All	All
Hardware	Nec	Nas Gateway Nh8a	-	All	All	All
Operating System	Nec	Nas Gateway Nh8a Firmware	All	All	All	All
Hardware	Nec	Nas Gateway Nh8b	-	All	All	All
Operating System	Nec	Nas Gateway Nh8b Firmware	All	All	All	All
Hardware	Nec	Nas Gateway Nh8c	-	All	All	All
Operating System	Nec	Nas Gateway Nh8c Firmware	All	All	All	All

References

Reference	Source	Link	Tags
JVN#21298724: Hitachi Virtual File Platform vulnerable to OS command injection	MISC	jvn.jp
Command Injection Vulnerability in Hitachi Virtual File Platform (June 17, 2021):Vulnerability Information:Storage Solutions:Hitachi	MISC	www.hitachi.co.jp
NV21-011: セキュリティ情報 \| NEC	MISC	jpn.nec.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.