Unauthorized attackers were able to access backups thanks to serious security flaws in Fujitsu’s cloud storage infrastructure. The flaws specifically affected the FUJITSU ETERNUS CS8000 Control Center and were patched after the bugs were reported. Users must therefore make sure their devices are up to date in order to receive the patches.

Fujitsu Cloud Storage Vulnerabilities
According to a recent post, the NCC Group’s Fox-IT team uncovered two separate security flaws in Fujitsu’s cloud storage infrastructure. While inspecting a client’s backup systems, they discovered command injection issues affecting the Fujitsu ETERNUS CS8000 (Control Center): two PHP scripts that are ordinarily available after authentication lack any validation of user input.
As noted above, NCC Group’s Fox-IT examined the web application used to manage backups and found two scripts that are accessible to any user on the network and that feed user input directly into PHP’s “shell_exec” and “system” functions.
The first flaw was in the “grel_finfo” function in grel.php, which allowed an attacker to run arbitrary commands by placing special characters in the username (“user”), password (“pw”) and file-name (“file”) fields. The second vulnerability was in the “requestTempFile” function in hw_view.php, where an attacker could execute code by inserting special characters into the “unitName” POST parameter.
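To make the defect concrete, here is the pattern Fox-IT describes (request parameters reaching shell_exec()/system() unvalidated) next to a hardened version. This is an added illustration, not Fujitsu’s code or code from the advisory; the stat command, the /srv/backups directory and the function names are constructed for the example, while the “file” parameter name mirrors the advisory.

```php
<?php
// Added illustration (not Fujitsu's code). Requires PHP 8 for str_contains().

// VULNERABLE PATTERN: a request value is interpolated straight into a shell
// command string, so any shell metacharacter in $post['file'] changes what
// the shell executes. This is the class of bug reported in grel.php/hw_view.php.
function finfo_vulnerable(array $post): string
{
    $file = $post['file'] ?? '';
    return (string) shell_exec("stat " . $file);
}

// HARDENED: (1) accept only a plain file name via an allowlist regex,
// (2) reject traversal, (3) confine to an expected directory,
// (4) quote the argument so the shell sees exactly one literal word.
function finfo_hardened(array $post, string $baseDir = '/srv/backups'): string
{
    $file = $post['file'] ?? '';
    if (!preg_match('/^[A-Za-z0-9._-]{1,128}$/', $file) || str_contains($file, '..')) {
        throw new InvalidArgumentException('invalid file name');
    }
    $path = $baseDir . '/' . $file;
    // escapeshellarg() wraps the value in single quotes and escapes any
    // embedded quotes, so metacharacters lose their meaning to the shell.
    $out = shell_exec('stat ' . escapeshellarg($path) . ' 2>&1');
    return (string) $out;
}

// BEST: avoid the shell entirely when PHP exposes the operation directly.
// With no shell involved there is no command string to inject into.
function finfo_no_shell(array $post, string $baseDir = '/srv/backups'): array
{
    $file = $post['file'] ?? '';
    if (!preg_match('/^[A-Za-z0-9._-]{1,128}$/', $file) || str_contains($file, '..')) {
        throw new InvalidArgumentException('invalid file name');
    }
    $st = @stat($baseDir . '/' . $file);
    return $st === false ? [] : ['size' => $st['size'], 'mtime' => $st['mtime']];
}
```

The same three steps (allowlist, no traversal, escapeshellarg() or no shell at all) apply equally to the “user”, “pw” and “unitName” parameters named in the advisory.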
Fujitsu Patched The Bugs
The researchers reported the flaws to Fujitsu, which responded by developing fixes. Fujitsu’s advisory acknowledges that the vulnerabilities mainly affected earlier versions, and the company published patches for Fujitsu ETERNUS CS8000 (Control Center) versions v8.1A SP02 P04 and v8.0A SP01 P03 H035.
Users should therefore verify that their software is up to date in order to obtain the updates for these significant flaws. Note, however, that the vendor advises customers to contact customer service for assistance in receiving them.
Because of how the software is distributed, a dedicated customer request to Fujitsu via ServiceNow or Support Assistant is required. Fujitsu has stated that, so far, it has found no evidence of these vulnerabilities being exploited in the wild.