A critical authentication bypass vulnerability has been disclosed in Hitachi’s Infrastructure Analytics Advisor and Ops Center Analyzer. The vulnerability, tracked as CVE-2024-10205, has been classified as “High” with a CVSS 3.1 score of 9.4, signifying the severity of the issue.
This vulnerability allows unauthorized users to circumvent the authentication process, which could result in data exposure, system compromise, and service disruptions. It stems from an authorization bypass in the impacted components of Hitachi’s software. What makes this vulnerability particularly alarming is that it does not require any prior authentication, giving threat actors the ability to remotely access the system and compromise its confidentiality, integrity, and availability.
Specific versions of Hitachi products are affected by this vulnerability. For Hitachi Ops Center Analyzer (English version), the vulnerable component is Analyzer Detail View, and the impacted versions are 10.0.0-00 and later but earlier than 11.0.3-00, running on the Linux (x64) platform. Similarly, for Hitachi Infrastructure Analytics Advisor (English version), the affected component is Data Center Analytics, with vulnerable versions spanning from 2.1.0-00 up to 4.4.0-00, also on the Linux (x64) platform.
In response to this critical vulnerability, Hitachi has released updated versions to address the issue. Users are strongly urged to upgrade to the fixed versions immediately. For Hitachi Ops Center Analyzer, the fixed version is 11.0.3-00 for Linux (x64). As for Hitachi Infrastructure Analytics Advisor, users should reach out to their Hitachi support team for the latest fixed version.
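The version ranges above can be checked against an asset inventory. The following is an added example, not code from Hitachi or from this article: the inventory rows and host names are constructed, and the upper bound for Infrastructure Analytics Advisor is assumed to be inclusive.

```python
import re

# Affected ranges as stated in the article; versions have the form VV.R.r-SS.
# Each entry: (lowest affected, upper bound, upper bound inclusive?).
# Assumption: "up to 4.4.0-00" is read as inclusive for Infrastructure
# Analytics Advisor; Ops Center Analyzer is fixed in 11.0.3-00 (exclusive).
AFFECTED = {
    "Hitachi Ops Center Analyzer": ((10, 0, 0, 0), (11, 0, 3, 0), False),
    "Hitachi Infrastructure Analytics Advisor": ((2, 1, 0, 0), (4, 4, 0, 0), True),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")

def parse_version(text):
    """Turn '10.10.0-02' into (10, 10, 0, 2) so comparison is numeric, not lexical."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(product, version):
    """True if the version falls inside the affected range listed for the product."""
    low, high, inclusive = AFFECTED[product]
    v = parse_version(version)
    return low <= v and (v <= high if inclusive else v < high)

def triage(inventory):
    """Label each (host, product, version) row; unparseable versions need manual review."""
    findings = []
    for host, product, version in inventory:
        if product not in AFFECTED:
            status = "not-in-scope"
        else:
            try:
                status = "AFFECTED" if is_affected(product, version) else "ok"
            except ValueError:
                status = "UNKNOWN"
        findings.append((host, status))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("mon-01", "Hitachi Ops Center Analyzer", "10.9.3-00"),
    ("mon-02", "Hitachi Ops Center Analyzer", "10.10.0-02"),
    ("mon-03", "Hitachi Ops Center Analyzer", "11.0.3-00"),
    ("iaa-01", "Hitachi Infrastructure Analytics Advisor", "4.4.0-00"),
    ("iaa-02", "Hitachi Infrastructure Analytics Advisor", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Rows reported as UNKNOWN should be resolved by reading the installed version on the host rather than being treated as unaffected.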
Unfortunately, there are currently no workarounds available to mitigate the vulnerability other than applying the fixed versions. It is crucial for organizations utilizing these products to prioritize updating to the patched versions or seek assistance from Hitachi’s support services to find suitable solutions. Until these systems are updated, they remain vulnerable to cyberattacks that could have devastating consequences.
The discovery of this vulnerability underscores the critical importance of keeping software up to date and staying vigilant about security advisories. Organizations must promptly assess their environments and take immediate steps to mitigate any associated risks. Stay informed for further updates and do not hesitate to contact Hitachi for technical assistance if needed. Cybersecurity remains a top priority, and proactive measures are indispensable in addressing vulnerabilities like CVE-2024-10205.