PT-2014-1969 · Seagate · Seagate Business Nas

Oj Reeves

Publicado

2014-10-07

Atualizado

2017-06-16

CVE-2014-8687

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Seagate Business NAS devices with firmware before 2015.00322

Description The issue is caused by the use of defective or risky cryptographic algorithms in the embedded software of Business NAS devices, allowing remote attackers to execute arbitrary code with root privileges. This is achieved by leveraging the use of a static encryption key to create session tokens.

Recommendations For Seagate Business NAS devices with firmware before 2015.00322, update the firmware to version 2015.00322 or later to resolve the issue.

Exploit

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

BDU:2017-01860

CVE-2014-8687

Produtos afetados

Seagate Business Nas

PT-2014-1969 · Seagate · Seagate Business Nas

CVE-2014-8687

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9