Remote Command Execution Vulnerability in Seagate BlackArmor NAS Devices
CVE-2013-6924

9.8CRITICAL

Key Information:

Vendor

Seagate

Status
Blackarmor Nas 220 Firmware
Vendor
CVE Published:
11 October 2017

What is CVE-2013-6924?

Seagate BlackArmor NAS devices with the affected firmware version are susceptible to a vulnerability that allows remote attackers to execute arbitrary commands. This is achieved through the manipulation of shell metacharacters in the 'ip' parameter when accessing the backup management interface at getAlias.php. As a result, unauthorized access and potential system compromise can occur, emphasizing the need for immediate updates and patching of the affected firmware.

References

http://www.securityfocus.com/bid/64655
vdb-entryx_refsource_BID
http://packetstormsecurity.com/files/124688/Seagate-Black...
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/90109
vdb-entryx_refsource_XF

EPSS Score

49% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.