Fujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.
b3af4414170dbf11ae1b1458bbf73e808b24a2d1a81c195e28fd817a8d07cf3e# Title: Fujitsu Eternus Storage DX200 S4 Broken Authentication
# Author: Seccops (https://seccops.com)
# Vendor Homepage:
https://www.fujitsu.com/global/products/computing/storage/disk/eternus-dx/
# Version: Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25
# Classifications: OWASP: A2:2017-Broken Authentication, CWEs: CWE-287 &
CWE-1028
# CVE: CVE-2020-29127
=== Description ===
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through
2020-11-25. After logging into the portal as a root user (using any web
browser), the portal can be accessed with root privileges when the URI
"cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en" is
visited from a different web browser.
After logging into the portal with a "root" user using any web browser, the
portal can be accessed with "root" privileges when the link
(http://eternus/cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplan
g=en) formed is entered from a different web browser.
Example: https://imgur.com/a/kuhCi04
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed