Arbitrary Command Execution Vulnerability in Fujitsu ETERNUS CentricStor CS8000 Control Center

Arbitrary Command Execution Vulnerability in Fujitsu ETERNUS CentricStor CS8000 Control Center

CVE-2022-31795 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

Learn more about our User Device Pen Test.