Fujitsu Eternus Storage DX200 S4 Broken Authentication

2020.11.26

Seccops (TR)

Risk: Medium

Local: Yes

Remote: Yes

CVE: CVE-2020-29127

CWE: CWE-287

CVSS Base Score: 10/10

Impact Subscore: 10/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Complete

Integrity impact: Complete

Availability impact: Complete

# Title: Fujitsu Eternus Storage DX200 S4 Broken Authentication
# Author: Seccops (https://seccops.com)
# Vendor Homepage: https://www.fujitsu.com/global/products/computing/storage/disk/eternus-dx/
# Version: Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25
# Classifications: OWASP: A2:2017-Broken Authentication, CWEs: CWE-287 & CWE-1028
# CVE: CVE-2020-29127


=== Description ===

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI "cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en" is visited from a different web browser.

After logging into the portal with a "root" user using any web browser, the portal can be accessed with "root" privileges when the link (http://eternus/cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en) formed is entered from a different web browser.

Example: https://imgur.com/a/kuhCi04

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Fujitsu Eternus Storage DX200 S4 Broken Authentication

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.