PT-2019-8882 · Seagate · Seagate Nas Os

Published

2019-05-13

Updated

2019-05-13

CVE-2018-12295

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Seagate NAS OS version 4.3.15.1

Description The issue allows attackers to execute arbitrary SQL commands. This is achieved via the dirId URL parameter in the folderViewSpecific.psp file.

Recommendations For Seagate NAS OS version 4.3.15.1, avoid using the dirId parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-12295

Affected Products

Seagate Nas Os

PT-2019-8882 · Seagate · Seagate Nas Os

CVE-2018-12295

Weakness Enumeration

Related Identifiers

Affected Products

References · 3