PT-2019-8887 · Seagate · Seagate Nas Os

Published

2019-05-13

Updated

2019-05-13

CVE-2018-12300

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Seagate NAS OS version 4.3.15.1

Description The issue allows attackers to disclose information in the Referer header via the 'state' URL parameter in echo-server.html. This is due to an arbitrary redirect in the affected software.

Recommendations For Seagate NAS OS version 4.3.15.1, avoid using the state URL parameter in the affected echo-server.html until the issue is resolved. As a temporary workaround, consider restricting access to the echo-server.html page to minimize the risk of exploitation.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

CVE-2018-12300

Affected Products

Seagate Nas Os

PT-2019-8887 · Seagate · Seagate Nas Os

CVE-2018-12300

Weakness Enumeration

Related Identifiers

Affected Products

References · 3