CVE-2020-29127

Name of the Vulnerable Software and Affected Versions Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25

Description An issue was discovered that allows the portal to be accessed with root privileges when a specific URI is visited from a different web browser after logging in as a root user. The affected URI is "cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi PgOverview&csplang=en".

Recommendations For Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25, as a temporary workaround, consider restricting access to the "cgi-bin/csp" endpoint until a patch is available. Avoid using the cspid, csppage, and csplang parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.