Vulnerability CVE-2013-0706

Vulnerability Name:

CVE-2013-0706 (CCN-82227)

Assigned:

2012-12-28

Published:

2013-02-21

Updated:

2013-03-08

Summary:

NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C)
6.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2013-0706

Source: CCN
Type: NEC Web site
Universal RAID Utility

Source: CONFIRM
Type: Vendor Advisory
http://jpn.nec.com/security-info/secinfo/nv13-004.html

Source: JVN
Type: Vendor Advisory
JVN#75585394

Source: CCN
Type: JVNDB-2013-000012
NEC Universal RAID Utility fails to restrict access permissions

Source: JVNDB
Type: Vendor Advisory
JVNDB-2013-000012

Source: CCN
Type: SA52241
NEC Universal RAID Utility Unrestricted Access Permissions Security Issue

Source: CCN
Type: BID-58087
NEC Universal RAID Utility CVE-2013-0706 Remote Security Bypass Vulnerability

Source: XF
Type: UNKNOWN
universal-raid-sec-bypass(82227)

Vulnerable Configuration:

Configuration 1:

cpe:/a:nec:universal_raid_utility:1.40:*:*:*:*:*:*:*

OR cpe:/a:nec:universal_raid_utility:*:rev_680:*:*:*:*:*:* (Version <= 1.40)

OR cpe:/a:nec:universal_raid_utility:2.5:*:*:*:*:*:*:*

OR cpe:/a:nec:universal_raid_utility:*:rev_2244:*:*:*:*:*:* (Version <= 2.5)

OR cpe:/a:nec:universal_raid_utility:2.31:*:*:*:*:*:*:*

OR cpe:/a:nec:universal_raid_utility:*:rev_1492:*:*:*:*:*:* (Version <= 2.31)

Denotes that component is vulnerable

BACK