Arbitrary Command Execution Vulnerability in Fujitsu ETERNUS CentricStor CS8000 Control Center

Arbitrary Command Execution Vulnerability in Fujitsu ETERNUS CentricStor CS8000 Control Center

CVE-2022-31794 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

Learn more about our Web Application Penetration Testing UK.