CVE-2024-10205: Authentication bypass vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer (18-12-2024)

Preface: Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Background: Hitachi Ops Center analytics and observability software supports VSP arrays whether on-premises, in a colocation facility, or a public cloud environment. Ops Center’s analytics software provides health insights and best practices to monitor key performance and capacity indicators across a heterogeneous data center infrastructure, to easily identify and isolate performance problems. By analyzing the data path from virtual machine (VM) and server to SAN fabric and logical storage resources, Hitachi Ops Center analytics software provides essential IT operations visibility and optimization.

Vulnerability details:  Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00.

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2024-10205

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.