Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Fujitsu Eternus Storage DX200 S4 Broken Authentication

Related Vulnerabilities: CVE-2020-29127  
Publish Date: 26 Nov 2020
Author: Seccops
Source 
                # Title: Fujitsu Eternus Storage DX200 S4 Broken Authentication

# Author: Seccops (https://seccops.com)

# Vendor Homepage:
https://www.fujitsu.com/global/products/computing/storage/disk/eternus-dx/

# Version: Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25

# Classifications: OWASP: A2:2017-Broken Authentication, CWEs: CWE-287 &
CWE-1028

# CVE: CVE-2020-29127

 

 

=== Description ===

 

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through
2020-11-25. After logging into the portal as a root user (using any web
browser), the portal can be accessed with root privileges when the URI
"cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en" is
visited from a different web browser.

 

After logging into the portal with a "root" user using any web browser, the
portal can be accessed with "root" privileges when the link
(http://eternus/cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplan
g=en) formed is entered from a different web browser.

 

Example: https://imgur.com/a/kuhCi04

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started