CVE-2014-3206

Name of the Vulnerable Software and Affected Versions Seagate BlackArmor NAS (affected versions not specified)

Description The issue is related to insufficient input validation in the localJob.php and pre connect check.php scripts of the Seagate BlackArmor NAS web interface. This can be exploited by a remote attacker to execute arbitrary code using the session and auth name parameters. The vulnerable API endpoints are "/backupmgt/localJob.php" and "/backupmgmt/pre connect check.php".

Recommendations For Seagate BlackArmor NAS, consider disabling access to the /backupmgt/localJob.php and /backupmgmt/pre connect check.php scripts until a patch is available. Restrict the use of the session and auth name parameters in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.