PT-2020-8535 · Drobo 5N2 · Drobo 5N2

Published: 2020-02-24 · Updated: 2020-03-02 · CVE-2018-14705

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Drobo 5N2 version 4.0.5
Description: The issue is related to the lack of authentication/authorization validation in all optional applications. This allows any user who can access the device over the network to interact with and control these applications, posing severe risks to the availability, confidentiality, and integrity of data stored within the applications and the device itself.
Recommendations: For Drobo 5N2 version 4.0.5, consider disabling all optional applications until a patch is available to add proper authentication/authorization validation. Restrict access to the device over the network to minimize the risk of exploitation.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2018-14705

Affected Products

Drobo 5N2