Broken Authentication Vulnerability in Fujitsu Eternus Storage DX200 S4
CVE-2020-29127

9.8CRITICAL

Key Information:

Vendor

Fujitsu

Status
Eternus Storage Dx200 S4 Firmware
Vendor
CVE Published:
30 November 2020

What is CVE-2020-29127?

A vulnerability was discovered in Fujitsu Eternus Storage DX200 S4 devices where a logged-in root user can access the portal with elevated privileges. By navigating to a specific URI, the portal remains accessible through different web browsers, potentially allowing unauthorized users to exploit the session and gain root permissions. This issue raises significant concerns regarding the security of sensitive data and systems managed by these devices, emphasizing the need for immediate attention and remediation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.first.org/members/teams/fujitsu_psirt
x_refsource_MISC
http://packetstormsecurity.com/files/160255/Fujitsu-Etern...
x_refsource_MISC
https://cxsecurity.com/issue/WLB-2020110215
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.