Flaws in FUJITSU CentricStor Control Center

Fujitsu Eternus CS8000 (Control Center) V8.1 was deemed vulnerable to privilege escalation attacks in early April 2022, and the Fujitsu PSIRT (Product Security Incident Response Team) released an official security notice on June 1, 2022. Security researchers reported two security holes in the vendor's Control Center software that enabled unauthorized attackers to gain remote code execution and run arbitrary commands on the compromised system.

Detect Exploitation Attempts of Bugs in Fujitsu Control Center Software

Detect the exploitation attempts using the Sigma rule provided by a team of keen threat hunting engineers from SOC Prime. Hunting professionally? Share your knowledge with other SOC experts, hunt for threats within 25+ supported SIEM, EDR, and XDR technologies, and see your detection content displayed in the SOC Prime’s vast library of rules by joining our Threat Bounty Program.

Possible Fujitsu CentricStor Command Injection Attempt (via webserver)

This detection has translations for the following SIEM, EDR & XDR platforms: Microsoft Sentinel, Elastic Stack, Splunk, Humio, Sumo Logic, ArcSight, QRadar, FireEye, LogPoint, Graylog, Regex Grep, RSA NetWitness, Chronicle Security, Securonix, Apache Kafka ksqlDB, Open Distro, and AWS OpenSearch.

The rule is aligned with the MITRE ATT&CK® framework v.10, addressing the Initial Access tactic with Exploit Public-Facing Application (T1190) as the main technique.

Join SOC Prime, the world’s first platform for collaborative cyber defense, threat hunting, and discovery that integrates with 25+ SIEM and XDR platforms. Hunt for the latest threats, automate threat investigation, and get feedback and vetting by a community of 23,000+ security professionals to boost your security operations. Register by clicking the Detect & Hunt button below. For instant access to Sigma rules with comprehensive contextual information on a particular APT, exploit, or CVE, browse through SOC Prime’s Cyber Threat Search Engine; no registration is required.


Fujitsu Vulnerabilities’ Analysis

Fujitsu CentricStor Control Center V8.1 was affected by two command injection flaws disclosed in mid-spring 2022. The bugs were discovered by NCC Group's Fox-IT, which reported that the vulnerabilities stem from insufficient validation of user input in two PHP scripts that are routinely included post-authentication.

These vulnerabilities allowed an attacker with no prior authentication to execute any command on the breached system. An attacker with full control may access, edit, or destroy the entire set of virtual backup tapes, which may be the first step of a ransomware attack that leaves the target no choice but to pay the ransom to restore the data.
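As an added illustration (not code from the advisory and not SOC Prime's Sigma rule), the following Python scans constructed webserver access-log lines for requests to PHP scripts whose decoded query parameters carry shell metacharacters, which is the kind of signal a "via webserver" command-injection detection keys on. The script paths, parameter names, and log entries are hypothetical placeholders, not values from the Fujitsu advisory.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Shell metacharacters that have no business in a parameter value sent to a
# management-console PHP script; their presence in a decoded value is the signal.
METACHARS = re.compile(r"[;|&`$\n]")

# Apache/nginx combined-format access log line (source, timestamp, request, status).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

def flag_command_injection(log_lines):
    """Return (source_ip, path, param, decoded_value) for every request to a
    .php script whose query parameter contains shell metacharacters."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(".php"):
            continue  # only the PHP scripts are of interest here
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            for v in values:
                decoded = unquote(v)  # parse_qs decoded once; catch double encoding too
                if METACHARS.search(decoded):
                    hits.append((m.group("src"), parts.path, name, decoded))
    return hits

# Constructed sample log lines; paths and parameters are hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jun/2022:08:01:12 +0000] "GET /console/status.php?host=10.0.0.7 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Jun/2022:08:01:40 +0000] "GET /console/status.php?host=10.0.0.7%3Bid HTTP/1.1" 200 731',
    '198.51.100.9 - - [10/Jun/2022:08:02:03 +0000] "POST /console/backup.php?name=tape1%7C%60hostname%60 HTTP/1.1" 500 0',
    '203.0.113.5 - - [10/Jun/2022:08:02:30 +0000] "GET /static/logo.png?v=1%3B2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_command_injection(SAMPLE_LOG):
        print("possible command injection attempt:", hit)
```

Only the two requests from 198.51.100.9 are flagged; the benign status query and the non-PHP static asset are ignored.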

The vendor rated these vulnerabilities with a Fujitsu ARF (Affection Risk Factor) of Low-Medium.

The Fujitsu PSIRT recommends the affected users patch immediately using the official product updates.

Implement a proactive cybersecurity approach and improve your security posture with SOC Prime's Detection as Code platform. Stay one step ahead of attackers and take your cyber defense capabilities to the next level!
