Published:2013/07/29 Last Updated:2013/07/29
JVN#00065218
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation
Overview
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability.
Products Affected
- JP1/IT Desktop Management - Manager
- Job Management Partner 1/IT Desktop Management - Manager
- Hitachi IT Operations Director
Description
JP1/IT Desktop Management - Manager and Hitachi IT Operations Director provided by Hitachi contain a privilege escalation vulnerability.
Impact
Users without administrative privileges may obtain administrative privileges.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2013.07.29
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets |
|
| Authentication | login caused to be created by an administrator |
|
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action |
|
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) |
|
Credit
Taizo Tsukamoto of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-4697 |
| JVN iPedia |
JVNDB-2013-000076 |