CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-29127

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

http://packetstormsecurity.com/files/160255/Fujitsu-Eternus-Storage-DX200-S4-Broken-Authentication.html
https://cxsecurity.com/issue/WLB-2020110215
https://seccops.com/fujitsu-eternus-storage-dx200-s4-broken-authentication/
https://www.first.org/members/teams/fujitsu_psirt
http://packetstormsecurity.com/files/160255/Fujitsu-Eternus-Storage-DX200-S4-Broken-Authentication.html
https://cxsecurity.com/issue/WLB-2020110215
https://seccops.com/fujitsu-eternus-storage-dx200-s4-broken-authentication/
https://www.first.org/members/teams/fujitsu_psirt

Products affected by CVE-2020-29127

Fujitsu » Eternus Storage Dx200 S4 » Version: N/A

cpe:2.3:h:fujitsu:eternus_storage_dx200_s4:-
Fujitsu » Eternus Storage Dx200 S4 Firmware » Version: N/A

cpe:2.3:o:fujitsu:eternus_storage_dx200_s4_firmware:-
Fujitsu » Eternus Storage Dx200 S4 Firmware » Version: 2020-11-25

cpe:2.3:o:fujitsu:eternus_storage_dx200_s4_firmware:2020-11-25

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-29127

Products

Pricing

Contact Us