Protect Your VMware Environment: Hitachi Storage Plug-in Vulnerability Allows Unauthorized Access

CVE: CVE-2024-21840
CVSS v3.1: 7.9
Source: CVE-2024-21840

The Hitachi Storage Plug-in for VMware vCenter, versions 04.0.0 through 04.9.2, has an incorrect default permissions vulnerability that allows local users to read and write specific files. This can potentially allow an attacker with access to the system to gain unauthorized access.

The Hitachi Storage Plug-in is used to manage Hitachi storage systems from within the VMware vCenter interface. It integrates the storage systems with vCenter for easier provisioning and management of storage for virtual machines.

The vulnerability arises due to incorrect file permissions being set during installation. Certain log and configuration files are left writable for local system users when they should have more restrictive permissions. An attacker who can log into the system could potentially leverage this to modify log files or configuration settings to conceal access or escalate privileges.

If you have the Hitachi Storage Plug-in installed, you should immediately apply the latest update released by Hitachi, which is version 04.9.3. This fixes the permissions issue. You should also review your server’s local user and group permissions to ensure only authorized users have access. Consider disabling or removing any unnecessary local accounts.
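One way to carry out the permissions review after patching, as an added example (not Hitachi's code or tooling): a Python audit that lists files and directories under a given path that other local users can write or read. It assumes a POSIX host; `PLUGIN_DIR` is a placeholder because the install path is not given here, and the sample files in `demo()` are constructed.

```python
import os
import stat
import tempfile

# Placeholder (assumption): substitute the plug-in's real install directory.
PLUGIN_DIR = "/path/to/hitachi-storage-plugin"


def audit_permissions(root):
    """Return sorted (path, octal mode, issues) for entries with loose permissions."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no access meaning
            mode = stat.S_IMODE(st.st_mode)
            issues = []
            if mode & stat.S_IWOTH:
                issues.append("world-writable")
            if mode & stat.S_IWGRP:
                issues.append("group-writable")
            # Read access matters for regular files such as logs and configs.
            if stat.S_ISREG(st.st_mode) and mode & stat.S_IROTH:
                issues.append("world-readable")
            if issues:
                findings.append((path, oct(mode), issues))
    return sorted(findings)


def demo():
    """Audit a constructed tree that mimics an install with loose defaults."""
    samples = {"plugin.log": 0o666, "settings.conf": 0o664, "fixed.conf": 0o600}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # explicit chmod, so the umask does not matter
        return {os.path.basename(p): i for p, _, i in audit_permissions(root)}


if __name__ == "__main__":
    if os.path.isdir(PLUGIN_DIR):
        for path, mode, issues in audit_permissions(PLUGIN_DIR):
            print(f"{mode} {path}: {', '.join(issues)}")
    else:
        print(demo())
```

Group-writable entries are not always wrong; check which accounts belong to the owning group before tightening them.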

Properly securing your VMware environment from unauthorized access is important. Be sure to keep all plugins and applications up-to-date with the latest patches to prevent exploitation of known vulnerabilities. Review permissions and account access regularly as well. Taking basic precautions can help protect your virtual infrastructure and data.
