CVE-2013-6924

Name of the Vulnerable Software and Affected Versions Seagate BlackArmor NAS versions sg2000-2000.1331

Description The issue is related to the failure to neutralize special elements used in a command in the getAlias.php script of the Seagate BlackArmor NAS network storage microprogram. This can be exploited by a remote attacker to execute arbitrary shell commands using the ip parameter in HTTP requests to the backupmgt/getAlias.php script.

Recommendations For Seagate BlackArmor NAS versions sg2000-2000.1331, consider restricting access to the backupmgt/getAlias.php script to minimize the risk of exploitation. Avoid using the ip parameter in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.