Fujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.
5ae6b1f300710953b64144f45eb1ec87# Title: Fujitsu Eternus Storage DX200 S4 Broken Authentication
# Author: Seccops (https://seccops.com)
# Vendor Homepage:
https://www.fujitsu.com/global/products/computing/storage/disk/eternus-dx/
# Version: Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25
# Classifications: OWASP: A2:2017-Broken Authentication, CWEs: CWE-287 &
CWE-1028
# CVE: CVE-2020-29127
=== Description ===
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through
2020-11-25. After logging into the portal as a root user (using any web
browser), the portal can be accessed with root privileges when the URI
"cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en" is
visited from a different web browser.
After logging into the portal with a "root" user using any web browser, the
portal can be accessed with "root" privileges when the link
(http://eternus/cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplan
g=en) formed is entered from a different web browser.
Example: https://imgur.com/a/kuhCi04