9.8
CVSSv3

CVE-2022-31794

Published: 20/06/2022 Updated: 27/06/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices prior to 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fujitsu eternus cs8000 firmware

fujitsu eternus cs8000 firmware 8.1