CVE-2023-39379
📋 TL;DR
Fujitsu Software Infrastructure Manager (ISM) version V2.8.0.060 stores proxy server passwords in cleartext within maintenance data files (ismsnap). This allows attackers with access to these files to retrieve sensitive credentials. Affected products include Advanced Edition, Advanced Edition for PRIMEFLEX, and Essential Edition.
💻 Affected Systems
- Fujitsu Software Infrastructure Manager Advanced Edition
- Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX
- Fujitsu Software Infrastructure Manager Essential Edition
📦 What is this software?
Software Infrastructure Manager by Fujitsu
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain proxy server credentials, potentially gaining access to internal networks, performing man-in-the-middle attacks, or using the proxy for malicious activities.
Likely Case
Local attackers or malicious insiders with file system access retrieve proxy passwords, compromising network security and potentially exposing other systems.
If Mitigated
With proper access controls, only authorized administrators can access the maintenance data, limiting exposure to trusted personnel.
🎯 Exploit Status
Exploitation is straightforward for anyone with access to the ismsnap files; no special tools or techniques needed beyond file reading.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for updated versions
Vendor Advisory: https://support.ts.fujitsu.com/IndexProdSecurity.asp?lng=en
Restart Required: Yes
Instructions:
1. Check the Fujitsu security advisory for the patched version.
2. Back up the ISM configuration.
3. Apply the vendor-provided patch or upgrade to the fixed version.
4. Restart ISM services.
5. Verify the proxy configuration still works.
🔧 Temporary Workarounds
Restrict File Access
Set strict file permissions on the ismsnap maintenance data directory to prevent unauthorized read access.
chmod 700 /path/to/ismsnap (Linux)
icacls "C:\path\to\ismsnap" /inheritance:r /grant:r "Administrators:F" (Windows)
Remove Proxy Configuration
Temporarily disable or remove the proxy server configuration from ISM if it is not essential.
Edit ISM configuration to remove proxy settings
🧯 If You Can't Patch
- Implement strict access controls on the ISM server to limit who can access maintenance data files.
- Monitor file access to the ismsnap directory for unauthorized attempts, and implement network segmentation to isolate the ISM server.
🔍 How to Verify
Check if Vulnerable:
Check whether the ISM version is V2.8.0.060 and examine ismsnap files for cleartext proxy passwords using grep or search tools.
Check Version:
Check ISM administration interface or configuration files for version information.
Verify Fix Applied:
After patching, verify that no cleartext passwords exist in ismsnap files and check that the ISM version is updated.
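One way to run the grep check from "Check if Vulnerable" and "Verify Fix Applied" without echoing the password itself to a terminal or log. This is an added example, not Fujitsu tooling: the page does not document the ismsnap file format, so the key names and the key=value / JSON-style line layout are assumptions, and the sample data is constructed.

```sh
#!/bin/sh
# Added example, not vendor code. The on-disk layout and key names inside
# ismsnap are ASSUMPTIONS: text files with key=value or "key": "value" lines.

# Hypothetical key pattern: any identifier containing "proxy" then "pass"/"pwd".
KEY_RE='proxy[a-z0-9_.-]*(pass|pwd)[a-z0-9_.-]*'
# A finding is such a key followed by a non-empty value that is not only '*'.
LINE_RE="${KEY_RE}[\"']?[[:space:]]*[=:][[:space:]]*[\"']?\\**[^\"'[:space:]*]"
export KEY_RE LINE_RE

# scan_ismsnap DIR: print "file:line:key=<redacted>" per finding, never the
# value. Returns 0 when clean, 1 when findings exist, 2 on a bad argument.
scan_ismsnap() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    hits=$(find "$1" -type f -exec sh -c '
        for f do
            # -I skips binary files; output of -n is "lineno:content".
            grep -IinE "$LINE_RE" "$f" | while IFS= read -r hit; do
                key=$(printf "%s\n" "${hit#*:}" | grep -oiE "$KEY_RE" | head -n 1)
                printf "%s:%s:%s=<redacted>\n" "$f" "${hit%%:*}" "$key"
            done
        done' sh {} +)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# make_sample: build a CONSTRUCTED directory standing in for extracted ismsnap
# data (one cleartext entry, one masked, one empty) and print its path.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/etc" &&
    printf 'proxy_host=proxy.example.internal\nproxy_password=Constructed-Example-1\n' >"$d/etc/a.conf" &&
    printf '{"proxyPassword": "********"}\nproxy_passwd=\n' >"$d/etc/b.json" &&
    printf '%s\n' "$d"
}

# Demo run on the constructed sample; point scan_ismsnap at real data instead.
sample=$(make_sample)
scan_ismsnap "$sample" || echo "cleartext proxy password entries present"
rm -rf "$sample"
```

A non-zero return after patching means a snapshot still holds a proxy password in a readable form; a value that is encrypted but not masked will also be reported, so review each finding by hand.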
📡 Detection & Monitoring
Log Indicators:
- Unauthorized file access attempts to ismsnap directory
- Failed authentication attempts to proxy server from unexpected sources
Network Indicators:
- Unusual proxy server connections from ISM server IP
- Anomalous outbound traffic patterns
SIEM Query:
source="ISM_server" AND ((event="FileAccess" AND file_path="*ismsnap*") OR (event="ProxyAuth" AND result="failure"))