Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/36264/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/36202/ | Exploit Third Party Advisory VDB Entry |
https://beyondbinary.io/articles/seagate-nas-rce/ | Third Party Advisory |
http://www.securityfocus.com/bid/72831 | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2017-06-08 09:29
Updated : 2017-06-16 10:40
NVD link : CVE-2014-8687
Mitre link : CVE-2014-8687
JSON object : View
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Products Affected
seagate
- business_nas
- business_nas_firmware