CVE-2024-10205: Critical Authentication Bypass Flaw Found in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer
Hitachi Vantara has disclosed a critical authentication bypass vulnerability (CVE-2024-10205) affecting its Infrastructure Analytics Advisor and Ops Center Analyzer. These tools are widely used for IT infrastructure optimization, making the flaw a significant concern for enterprises relying on these solutions.
The vulnerability, identified as CVE-2024-10205, allows attackers to bypass authentication mechanisms, potentially compromising system integrity. With a CVSS score of 9.4, it is classified as “High,” emphasizing its severity. According to the advisory, the vulnerability is characterized by a low attack complexity, no required privileges, and no user interaction, making it highly exploitable.
The advisory states, “Authentication bypass vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer,” underscoring the potential risk of unauthorized access and data breaches.
The vulnerability impacts the following versions:
- Hitachi Ops Center Analyzer (Linux x64)
  - Versions 10.0.0-00 and later, but below 11.0.3-00.
- Hitachi Infrastructure Analytics Advisor (Linux x64)
  - Versions 2.1.0-00 and later, up to and including 4.4.0-00.
Hitachi has released updates to mitigate the vulnerability. Users are advised to upgrade to the following fixed versions:
- Hitachi Ops Center Analyzer: Version 11.0.3-00 or later.
The advisory explicitly states that no workarounds exist for this vulnerability. Organizations must apply the recommended updates to protect their systems. Delays in patching could leave critical IT infrastructure exposed to unauthorized access and potential attacks.
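To find hosts that fall inside the affected ranges listed above, the following added example (not code from Hitachi or from the advisory) checks an inventory against them. It assumes version strings follow the `V.R.S-NN` pattern shown in the article and compare numerically field by field; the hostnames and installed versions in the sample are constructed.

```python
import re

# Affected ranges as stated in the article: (lowest, upper bound, upper bound inclusive?)
AFFECTED = {
    "Hitachi Ops Center Analyzer": ("10.0.0-00", "11.0.3-00", False),
    "Hitachi Infrastructure Analytics Advisor": ("2.1.0-00", "4.4.0-00", True),
}

def parse_version(text):
    """Turn 'V.R.S-NN' into a tuple of ints; raise ValueError on anything else."""
    # Assumption: all four fields compare numerically, left to right.
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(product, version):
    """True or False for a listed product, None when the product is not listed."""
    if product not in AFFECTED:
        return None
    low, high, inclusive = AFFECTED[product]
    v = parse_version(version)
    if v < parse_version(low):
        return False
    return v <= parse_version(high) if inclusive else v < parse_version(high)

def triage(inventory):
    """Label each (host, product, version) row; unparseable versions need a human."""
    labels = {True: "AFFECTED", False: "not affected", None: "not listed"}
    rows = []
    for host, product, version in inventory:
        try:
            status = labels[is_affected(product, version)]
        except ValueError:
            status = "CHECK MANUALLY"
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory: hostnames and installed versions are made up.
SAMPLE = [
    ("analyzer-01", "Hitachi Ops Center Analyzer", "10.9.3-04"),
    ("analyzer-02", "Hitachi Ops Center Analyzer", "11.0.3-00"),
    ("iaa-01", "Hitachi Infrastructure Analytics Advisor", "4.4.0-00"),
    ("iaa-02", "Hitachi Infrastructure Analytics Advisor", "4.4.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:<12} {:<42} {:<10} {}".format(*row))
```

A version string that does not match the expected pattern is flagged for manual review rather than silently treated as safe.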