Full Report
Hitachi security advisory (AV26-279)
Analysis Summary
# Vulnerability: Multiple Flaws in Hitachi Ops Center and Infrastructure Analytics Advisor
## CVE Details
- **CVE ID:** CVE-2026-1166 (Open Redirect), CVE-2026-2072 (Improper Authentication/Access Control)
- **CVSS Score:** Not explicitly detailed in the advisory, but typical for these types:
  - CVE-2026-1166: ~6.1 (Medium)
  - CVE-2026-2072: ~7.5 - 9.8 (High/Critical)
- **CWE:** CWE-601 (Open Redirect), CWE-287 (Improper Authentication)
## Affected Systems
- **Products:**
  - Hitachi Ops Center Administrator (Linux)
  - Hitachi Infrastructure Analytics Advisor (English version, Linux)
  - Hitachi Ops Center Analyzer (English version, Linux)
- **Versions:**
  - Ops Center Administrator: 10.2.0 to versions prior to 11.0.8
  - Infrastructure Analytics Advisor: All versions
  - Ops Center Analyzer: 10.0.0-00 to versions prior to 11.0.5-00
- **Configurations:** Linux-based installations of the English versions.
## Vulnerability Description
1. **CVE-2026-1166:** An Open Redirect vulnerability in Hitachi Ops Center Administrator. The application does not properly validate destination URLs, allowing an attacker to redirect a user to a malicious external site. This is often leveraged in sophisticated phishing campaigns to steal credentials.
2. **CVE-2026-2072:** A vulnerability in Infrastructure Analytics Advisor and Ops Center Analyzer. The advisory describes the issue only in terms of "access"; a flaw of this kind typically implies an authentication bypass or improper authorization check that could allow unauthorized access to administrative functions or sensitive system data.
## Exploitation
- **Status:** Not reported as exploited in the wild; no public PoC currently identified.
- **Complexity:** Low to Medium.
- **Attack Vector:** Network (Remote).
## Impact
- **Confidentiality:** High (Potential access to infrastructure metrics and configurations).
- **Integrity:** Medium to High (Depending on the ability to modify analytics settings).
- **Availability:** Low to Medium.
## Remediation
### Patches
Hitachi recommends upgrading to the following versions:
- **Hitachi Ops Center Administrator (Linux):** Upgrade to version **11.0.8** or later.
- **Hitachi Ops Center Analyzer (Linux):** Upgrade to version **11.0.5-00** or later.
### Workarounds
- For **Hitachi Infrastructure Analytics Advisor**, users are encouraged to perform suggested mitigations provided in the Hitachi security portal, which may include restricting network access to the management interface.
- Implement strict ingress filtering to ensure only authorized IP addresses can reach the management consoles.
## Detection
- **Indicators of Compromise:** Monitor web server logs for unusual `GET` requests whose parameter strings contain external URLs, which can indicate redirection attempts.
- **Detection methods and tools:** Audit user access logs for Hitachi Ops Center to identify logins from unexpected geographic locations or at unusual times.
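
As an added illustration of the log check described above (not code from Hitachi or from the advisory), this Python example flags `GET` requests whose query parameters decode to an absolute or scheme-relative URL on a host outside an allowlist. The log lines, the `/portal/login` path, the `next` parameter and all hostnames are constructed placeholders, not the product's actual endpoints.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: hostnames under which the console is legitimately reached.
TRUSTED_HOSTS = {"opscenter.example.internal"}
# Request line of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample lines; path and parameter name are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Mar/2026:10:00:00 +0000] "GET /portal/login?next=%2Fdashboard HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Mar/2026:10:00:05 +0000] "GET /portal/login?next=https%3A%2F%2Flogin.example.net%2Fsso HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Mar/2026:10:01:00 +0000] "GET /portal/login?next=%252F%252Funknown.example.org%252Fa HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Mar/2026:10:02:00 +0000] "GET /portal/login?next=https%3A%2F%2Fopscenter.example.internal%2Fhome HTTP/1.1" 302 0',
]

def external_host(value, max_decode=3):
    """Return the host a parameter value points at, or None if it is relative."""
    for _ in range(max_decode):  # undo nested percent-encoding such as %252F
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Browsers treat backslashes like slashes and ignore surrounding whitespace.
    value = value.strip().replace("\\", "/")
    if not (value.startswith("//") or SCHEME_RE.match(value)):
        return None
    try:
        return urlsplit(value).hostname  # lower-cased by urlsplit, None if empty
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return None

def flag_redirects(log_lines, trusted=TRUSTED_HOSTS):
    """Yield (line_no, parameter, host) for GET requests carrying an external URL."""
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m.group("method") != "GET":
            continue
        query = m.group("target").partition("?")[2]
        for name, value in parse_qsl(query, keep_blank_values=True):
            host = external_host(value)
            if host and host not in trusted:
                yield line_no, name, host

if __name__ == "__main__":
    for hit in flag_redirects(SAMPLE_LOG):
        print(hit)
```

Hits from a check like this are leads for review rather than confirmed abuse, since legitimate single sign-on flows can also carry absolute URLs; extend `TRUSTED_HOSTS` with those hosts to reduce noise.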
## References
- Hitachi Security Advisory 2026-113 (CVE-2026-1166): hxxps[://]www[.]hitachi[.]com/products/it/software/security/info/vuls/hitachi-sec-2026-113/index[.]html
- Hitachi Security Advisory 2026-114 (CVE-2026-2072): hxxps[://]www[.]hitachi[.]com/products/it/software/security/info/vuls/hitachi-sec-2026-114/index[.]html
- Hitachi Vulnerability Information Portal: hxxps[://]www[.]hitachi[.]com/products/it/software/security/index[.]html