CVE-2021-20740

HIGH

Hitachi Virtual File Platform <5.5.3-09,6.4.3-09 - Command Injection

Title source: llm

Description

Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.hitachi.co.jp/products/it/storage-solutions/global/sec_info/2021/2021_306.html

Vendor Advisory x_refsource_misc

https://jpn.nec.com/security-info/secinfo/nv21-011.html

Third Party Advisory x_refsource_misc

https://jvn.jp/en/jp/JVN21298724/index.html

Scores

CVSS v3 8.8

EPSS 0.0237

EPSS Percentile 85.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (7)

hitachi/virtual_file_platform < 6.4.3-09

nec/nas_gateway_nh4a_firmware < fos_5.5.3-08\(nec2.5.4a\)

nec/nas_gateway_nh4b_firmware < fos_6.4.3-08\(nec3.4.2\)

nec/nas_gateway_nh4c_firmware < fos_6.4.3-08\(nec3.4.2\)

nec/nas_gateway_nh8a_firmware < fos_5.5.3-08\(nec2.5.4a\)

nec/nas_gateway_nh8b_firmware < fos_6.4.3-08\(nec3.4.2\)

nec/nas_gateway_nh8c_firmware < fos_6.4.3-08\(nec3.4.2\)

Published Jun 28, 2021

Tracked Since Feb 18, 2026