CVE-2023-34142

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

27 Jul 2023, 17:08

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-319
CPE		cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:hitachi:device_manager::::::::
References	~~(MISC) https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html -~~	(MISC) https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html - Vendor Advisory
First Time		Linux Hitachi Microsoft Linux linux Kernel Microsoft windows Hitachi device Manager

18 Jul 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-07-18 03:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-34142

Mitre link : CVE-2023-34142

CVE.ORG link : CVE-2023-34142

JSON object : View

Products Affected

microsoft

windows

linux

linux_kernel

hitachi

device_manager

CWE

CWE-319

Cleartext Transmission of Sensitive Information

{"id": "CVE-2023-34142", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "hirt@hitachi.co.jp", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2023-07-18T03:15:55.427", "references": [{"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-125/index.html", "tags": ["Vendor Advisory"], "source": "hirt@hitachi.co.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "hirt@hitachi.co.jp", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\n"}], "lastModified": "2023-07-27T17:08:55.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:device_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7BAEB11-0356-426A-BAB8-1ED82F9FCF70", "versionEndExcluding": "8.8.5-02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hirt@hitachi.co.jp"}