PT-2022-3813 · Fujitsu · Fujitsu Eternus Centricstor Cs8000

Published 2022-04-06 · Updated 2022-06-27 · CVE-2022-31794

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fujitsu ETERNUS CentricStor CS8000 (Control Center) versions prior to 8.1A SP02 P04

Description: The issue resides in the requestTempFile function in hw_view.php. The unitName POST parameter is used to build an OS command without sanitisation, so an attacker who injects special characters such as semicolons, backticks, or command-substitution sequences can force the application to execute arbitrary commands.

Recommendations: For versions prior to 8.1A SP02 P04, update to version 8.1A SP02 P04 or later to resolve the issue. As a temporary workaround, restrict access to the hw_view.php file and the requestTempFile function to reduce the risk of exploitation, and avoid using the unitName parameter in the affected POST request until the issue is resolved.
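As an added illustration, not Fujitsu's code and not taken from the advisory, the following Python sketch shows the bug class behind this entry (untrusted unitName interpolated into a shell command) next to the hardened form, plus a request filter that implements the two workarounds above. The script path, the allowlist pattern and the filter's return strings are assumptions.

```python
import re

# Constructed, hypothetical illustration of CVE-2022-31794's bug class.
# The real requestTempFile in hw_view.php is PHP and is not reproduced here.

# Shell metacharacters that let a value end one command and start another
# when the value is pasted into a shell command line.
SHELL_META = set(";|&`$(){}<>\n\r'\"\\")

# Strict allowlist for a unit name (assumed): letters, digits, dot, dash, underscore.
UNIT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerable_command(unit_name: str) -> str:
    """The unsafe pattern: untrusted input spliced into a shell string."""
    return f"/opt/tool/mktemp.sh {unit_name}"  # hypothetical script path


def safe_argv(unit_name: str) -> list:
    """Hardened form: allowlist the value and pass it as a separate argv
    element, so no shell ever parses it."""
    if not UNIT_NAME_RE.fullmatch(unit_name):
        raise ValueError("unitName rejected by allowlist")
    return ["/opt/tool/mktemp.sh", unit_name]


def suspicious_unit_name(unit_name: str) -> bool:
    """Detection helper for a WAF rule or request review: flags values
    carrying shell metacharacters."""
    return any(ch in SHELL_META for ch in unit_name)


def guard_request(path: str, post: dict, caller_allowed: bool) -> str:
    """The advisory's temporary workaround as a request filter: restrict who
    may reach hw_view.php, and drop requests whose unitName fails the
    allowlist before they reach requestTempFile."""
    if path.endswith("hw_view.php"):
        if not caller_allowed:
            return "deny: access to hw_view.php restricted"
        name = post.get("unitName")
        if name is not None and not UNIT_NAME_RE.fullmatch(name):
            return "deny: unitName fails allowlist"
    return "allow"
```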

Exploit

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers: BDU:2022-04610, CVE-2022-31794

Affected Products: Fujitsu Eternus Centricstor Cs8000