June 9, 2015
Hitachi, Ltd. IT Platform Division Group
Hitachi Disk Array Systems have the following vulnerability.
CVE-2015-4000: Vulnerability in the design of TLS connections using the Diffie-Hellman (DH) key exchange protocol has been published. Vulnerability could lead to a downgrade to 512-bit Export-grade DH/DHE, and allow information disclosure or falsification.
The following table shows the affected products.
|Product Name||Correspond Vulnerability|
|Hitachi Universal Storage Platform V
Hitachi Universal Storage Platform H24000
Hitachi Universal Storage Platform VM
Hitachi Universal Storage Platform H20000
SVP is not directly related to storage functions. Therefore, even if it is attacked, data contents and the Read/Write functions in the storage would not be affected. The data stored in the Hitachi disk array system would not be read by the attacker.
However, if SVP is attacked, configuration change settings and maintenance operations in th storage could be affected.
Therefore we would like to take the preventive measure for the affected products.