CVE-2021-20740 — HIGH (8.8)

Q: How severe is CVE-2021-20740?

CVE-2021-20740 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-20740?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Virtual File Platform, Nec Nas Gateway Nh4A Firmware, Nec Nas Gateway Nh4A, Nec Nas Gateway Nh8A Firmware, Nec Nas Gateway Nh8A.

Vulnerability Description

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Hitachi	Virtual File Platform	< 6.4.3-09
Nec	Nas Gateway Nh4A Firmware	< fos_5.5.3-08\(nec2.5.4a\)
Nec	Nas Gateway Nh4A	-
Nec	Nas Gateway Nh8A Firmware	< fos_5.5.3-08\(nec2.5.4a\)
Nec	Nas Gateway Nh8A	-
Nec	Nas Gateway Nh4B Firmware	< fos_6.4.3-08\(nec3.4.2\)
Nec	Nas Gateway Nh4B	-
Nec	Nas Gateway Nh8B Firmware	< fos_6.4.3-08\(nec3.4.2\)
Nec	Nas Gateway Nh8B	-
Nec	Nas Gateway Nh4C Firmware	< fos_6.4.3-08\(nec3.4.2\)
Nec	Nas Gateway Nh4C	-
Nec	Nas Gateway Nh8C Firmware	< fos_6.4.3-08\(nec3.4.2\)
Nec	Nas Gateway Nh8C	-

Related Weaknesses (CWE)

CWE-78

References

https://jpn.nec.com/security-info/secinfo/nv21-011.htmlVendor Advisory
https://jvn.jp/en/jp/JVN21298724/index.htmlThird Party Advisory
https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/202Vendor Advisory
https://jpn.nec.com/security-info/secinfo/nv21-011.htmlVendor Advisory
https://jvn.jp/en/jp/JVN21298724/index.htmlThird Party Advisory
https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/202Vendor Advisory

FAQ

What is CVE-2021-20740?

CVE-2021-20740 is a vulnerability with a CVSS score of 8.8 (HIGH). Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh...

How severe is CVE-2021-20740?

CVE-2021-20740 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-20740?

Check the references section above for vendor advisories and patch information. Affected products include: Hitachi Virtual File Platform, Nec Nas Gateway Nh4A Firmware, Nec Nas Gateway Nh4A, Nec Nas Gateway Nh8A Firmware, Nec Nas Gateway Nh8A.