Thursday, January 23, 2025
HomeCyber Security NewsHitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely

Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely

Published on

SIEM as a Service

Follow Us on Google News

Critical Authentication Bypass Vulnerability Identified in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer.

A severe vulnerability has been discovered in Hitachi’s Infrastructure Analytics Advisor and Ops Center Analyzer, posing a significant security risk to users of these products.

The vulnerability, identified as CVE-2024-10205, has a CVSS 3.1 score of 9.4, categorized as “High.”

This flaw allows unauthorized users to bypass authentication, potentially leading to data exposure, system compromise, and service disruptions.

The vulnerability stems from an authorization bypass issue in the affected Hitachi software components.

Exploiting this flaw requires no prior authentication, making it particularly dangerous. It allows threat actors remote access to the system with the ability to compromise confidentiality, integrity, and availability.

2024 MITRE ATT&CK Evaluation Results Released for SMEs & MSPs -> Download Free Guide

Affected Products

The vulnerability affects specific versions of Hitachi products. For Hitachi Ops Center Analyzer (English version), the impacted component is Analyzer Detail View, with affected versions ranging from 10.0.0-00 or later but less than 11.0.3-00, running on the Linux (x64) platform.

Similarly, for Hitachi Infrastructure Analytics Advisor (English version), the affected component is Data Center Analytics, with impacted versions spanning from 2.1.0-00 up to 4.4.0-00, also on the Linux (x64) platform.

Fixed Products

Hitachi has released updated versions to mitigate the issue. Users are advised to upgrade to these fixed versions immediately:

  1. Hitachi Ops Center Analyzer: Version 11.0.3-00 (Linux x64)
  2. Hitachi Infrastructure Analytics Advisor: Contact your Hitachi support team for the latest fixed version.

Currently, no workarounds are available to address the vulnerability. Applying the fixed version is the only effective solution to safeguard affected systems.

Organizations utilizing these products must prioritize updating to the fixed versions or consult with Hitachi’s support services for appropriate solutions. Until patched, affected systems remain exposed to potentially devastating cyberattacks.

This discovery highlights the critical importance of maintaining up-to-date software and monitoring for security advisories.

Organizations should assess their environments promptly and take immediate corrective action to mitigate the associated risks.

Stay tuned for additional updates and reach out to Hitachi for further technical assistance. Cybersecurity remains a top priority, and proactive measures are essential in addressing vulnerabilities like CVE-2024-10205.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...