Separate Fujitsu cloud storage vulnerabilities could allow attackers to destroy virtual backups
System administrators should update their installations immediately
Two flaws in the web interface of a Fujitsu cloud storage system could allow an unauthenticated attacker to read, write and destroy saved files.
The security vulnerabilities were present in the enterprise-grade Fujitsu Eternus CS8000 (Control Center) V8.1.
NCC Group researchers discovered two separate issues due to a lack of user input validation in two PHP scripts, which are normally included after authentication.
The two flaws, command injection in and command injection in , could allow an attacker to obtain remote code execution on the appliance without prior authentication or authorization.
Since no include protection is in place, the attacker can trigger the script without prior authentication by calling it directly.
This would allow them to take control of the appliance as if they were logged in directly through a secure shell.
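An added PHP example (not Fujitsu's or NCC Group's code) of the two controls the article says were missing: an include guard so that a script meant to be included after authentication cannot be requested directly, and validation of user input before it reaches a command. The constant `APP_ENTRY`, the `label` parameter, the session key and the tool path are hypothetical.

```php
<?php
// Hypothetical include file, e.g. inc/volume_info.php. All names are illustrative.

// 1. Include guard: the front controller defines APP_ENTRY only after login.
//    A direct HTTP request to this file never defines it.
if (!defined('APP_ENTRY')) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Defence in depth: check the session here too, not only in the caller.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Authentication required');
}

// 3. Allow-list validation: accept only the exact shape a label may have.
function validate_label($raw): ?string
{
    if (!is_string($raw)) {
        return null; // rejects array-style parameters such as ?label[]=x
    }
    return preg_match('/\A[A-Z0-9]{1,8}\z/', $raw) === 1 ? $raw : null;
}

$label = validate_label($_GET['label'] ?? null);
if ($label === null) {
    http_response_code(400);
    exit('Invalid label');
}

// 4. No shell: an argument array (PHP 7.4+) makes proc_open execute the
//    binary directly, so shell metacharacters are never interpreted.
$cmd  = ['/usr/local/bin/hypothetical-volume-tool', '--info', $label];
$spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
$proc = proc_open($cmd, $spec, $pipes);
if (!is_resource($proc)) {
    http_response_code(500);
    exit('Tool unavailable');
}
$out = stream_get_contents($pipes[1]);
fclose($pipes[1]);
proc_close($proc);

header('Content-Type: text/plain; charset=utf-8');
echo $out;
```

Keeping such include files outside the web root, or denying direct requests to their directory in the web server configuration, removes the direct-request path even if a guard is forgotten in one file.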
“If exploited, the attacker gains limited user privileges on the machine as user ‘www-data’; however, it should be noted that the kernel of the system encountered by NCC Group’s Fox-IT is severely outdated, allowing an attacker to easily elevate their privileges to the ‘root’ administrator user of the system,” an NCC Group blog post reads.
“Due to the sensitive nature of the system, any attacker with full control over the system is potentially able to read, modify, and potentially destroy entire virtual backup tapes, which could be used as the initial stage of a malicious ransomware attack to ensure that the victim is unable to recover and is forced to pay the ransom.”
The issues were discovered during a penetration test conducted by NCC Group on behalf of a client. They were then reported to Fujitsu, which has since fixed the bugs (PDF).
Fujitsu said it has “no knowledge” of working exploit code and has seen no successful attempts to exploit the vulnerabilities in the wild.
NCC Group advised users to immediately update to the latest version of the software. It also listed other recommendations for mitigating the bugs in the blog post.
The daily sip has contacted NCC Group and Fujitsu for comment and will update this article accordingly.