A critical vulnerability has been discovered in Hitachi’s Infrastructure Analytics Advisor and Ops Center Analyzer, two widely used products in the IT infrastructure management sector. Identified as CVE-2024-10205, the flaw has been assigned a high severity rating, with a CVSS 3.1 score of 9.4. This vulnerability allows unauthorized users to bypass authentication mechanisms, potentially granting them remote access to affected systems without the need for prior credentials. The lack of authentication requirements makes it particularly dangerous, as it opens the door for attackers to compromise the confidentiality, integrity, and availability of critical systems.
The flaw affects specific versions of Hitachi’s software running on the Linux (x64) platform. For the Hitachi Ops Center Analyzer, impacted versions range from 10.0.0-00 up to, but not including, 11.0.3-00. Similarly, the Hitachi Infrastructure Analytics Advisor is vulnerable in versions spanning from 2.1.0-00 to 4.4.0-00. This vulnerability is located in the affected software components—Analyzer Detail View for the Ops Center Analyzer and Data Center Analytics for the Infrastructure Analytics Advisor—both of which allow remote access once exploited.
To mitigate the risk, Hitachi has released patched versions of the affected software. For the Ops Center Analyzer, the fixed version is 11.0.3-00 (Linux x64), while users of the Infrastructure Analytics Advisor should contact Hitachi support for details on the latest fixed version. No workarounds are available, making the application of these updates the only effective method to address the vulnerability and secure the systems from further exploitation.
Given the high severity of CVE-2024-10205, organizations using these Hitachi products are strongly advised to prioritize immediate updates to the patched versions. The vulnerability underscores the importance of regularly maintaining and updating software to guard against such exploits. IT administrators should monitor security advisories closely and take proactive steps to protect their networks and data from the potential threat posed by this flaw.
Reference:
