PT-2019-8888 · Seagate · Seagate Nas Os

Published

2019-05-13

Updated

2019-05-13

CVE-2018-12301

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Seagate NAS OS version 4.3.15.1

Description The issue concerns an unvalidated URL in the Download Manager, allowing attackers to access the loopback interface. This can be achieved by using a Download URL of 127.0.0.1 or localhost.

Recommendations For Seagate NAS OS version 4.3.15.1, consider restricting access to the Download Manager to minimize the risk of exploitation until a patch is available. Avoid using the Download URL with 127.0.0.1 or localhost in the affected version.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-12301

Affected Products

Seagate Nas Os

PT-2019-8888 · Seagate · Seagate Nas Os

CVE-2018-12301

Weakness Enumeration

Related Identifiers

Affected Products

References · 3