Main Vulnerability Database Vulnerabilities #VU48727

#VU48727 Improper Authentication in Eternus Storage DX200 S4 - CVE-2020-29127

Published: November 30, 2020 / Updated: December 1, 2020

Vulnerability identifier: #VU48727

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-29127

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Eternus Storage DX200 S4

Software vendor:
Fujitsu

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when root user has logged into the web portal. A remote attacker can bypass authentication process and gain access to the web portal with root privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

http://packetstormsecurity.com/files/160255/Fujitsu-Eternus-Storage-DX200-S4-Broken-Authentication.html
https://cxsecurity.com/issue/WLB-2020110215
https://seccops.com/fujitsu-eternus-storage-dx200-s4-broken-authentication/
https://www.first.org/members/teams/fujitsu_psirt