First published: Mon Jun 20 2022
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Fujitsu Eternus Cs8000 Firmware | <8.1 | |
Fujitsu Eternus Cs8000 Firmware | =8.1 | |
Fujitsu Eternus Cs8000 | | |
The severity of CVE-2022-31795 is critical with a CVSS score of 9.8.
An attacker can exploit CVE-2022-31795 by manipulating the username, password, and file-name parameters to inject special characters and execute arbitrary commands.
Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04 are affected by CVE-2022-31795.
Yes, Fujitsu Eternus Cs8000 firmware version 8.1 is affected by CVE-2022-31795 if it is before 8.1A SP02 P04.
To fix CVE-2022-31795, users should update their Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices to version 8.1A SP02 P04 or later.
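
Detection logic for the injection described above, added here as an example and not taken from Fujitsu or from the advisory: it scans web-server access-log lines for requests to grel.php whose user, pw or file values contain the metacharacters the description lists. The combined-log request format, delivery of the parameters in the query string, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names as attacker-influenced.
WATCHED_PARAMS = {"user", "pw", "file"}
# Metacharacters the advisory lists: semicolon, backtick, $( command substitution.
SHELL_META = re.compile(r";|`|\$\(")
# Assumption: combined-log style request field, e.g. "GET /path?query HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, placeholder payload "CMD").
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jun/2022:10:00:01 +0000] "GET /grel.php?user=admin&pw=x&file=report.txt HTTP/1.1" 200 512',
    '192.0.2.44 - - [20/Jun/2022:10:00:07 +0000] "GET /grel.php?user=admin&pw=x&file=a.txt%3BCMD HTTP/1.1" 200 87',
    '192.0.2.44 - - [20/Jun/2022:10:00:09 +0000] "GET /grel.php?user=%60CMD%60&pw=%24%28CMD%29&file=a HTTP/1.1" 200 87',
    '192.0.2.10 - - [20/Jun/2022:10:00:12 +0000] "GET /index.php?file=a%3Bb HTTP/1.1" 200 90',
]


def suspicious_params(log_line):
    """Return sorted names of watched grel.php parameters holding shell metacharacters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Only the script named in the advisory is of interest here.
    if not url.path.lower().endswith("/grel.php"):
        return []
    hits = set()
    # parse_qsl percent-decodes values, so %3B and %60 are checked as ; and `.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and SHELL_META.search(value):
            hits.add(name)
    return sorted(hits)


def scan(lines):
    """Return (line_number, parameter_names) for every line that should be reviewed."""
    findings = []
    for number, line in enumerate(lines, start=1):
        params = suspicious_params(line)
        if params:
            findings.append((number, params))
    return findings


if __name__ == "__main__":
    for number, params in scan(SAMPLE_LOG):
        print(f"line {number}: shell metacharacters in {', '.join(params)}")
```

Access logs normally record only the request line, so parameters sent in a POST body would have to be checked in application, proxy or WAF logs that capture the body.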