Remote Code Execution Vulnerability in Seagate BlackArmor NAS
CVE-2014-3206

9.8CRITICAL

Key Information:

Vendor: Seagate
Status: Blackarmor Nas 220 Firmware
Vendor: CVE Published:; 23 February 2018

What is CVE-2014-3206?

A vulnerability in Seagate BlackArmor NAS allows remote attackers to execute arbitrary code through manipulation of the session parameter in the file located at localhost/backupmgt/localJob.php or the auth_name parameter in localhost/backupmgmt/pre_connect_check.php. This can lead to unauthorized access and control over the affected device, potentially compromising sensitive data and user privacy.

References

https://www.exploit-db.com/exploits/33159/

exploitx_refsource_EXPLOIT-DB

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2018
Vulnerability Reserved
May 3, 2014

JSON