Lucene search

[email protected]CVE-2014-3205

HistoryFeb 23, 2018 - 5:29 p.m.

CVE-2014-3205

2018-02-2317:29:00

CWE-798

[email protected]

web.nvd.nist.gov

seagate

blackarmor nas

hard-coded password

vulnerability

cve-2014-3205

nvd

backdoor

pre_connect_check.php

security

exploit

nas

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.5%

JSON

backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of ‘!~@##$$%FREDESWWSED’ for a backdoor user.

CPENameOperatorVersion
seagate:blackarmor_nas_220_firmwareseagate blackarmor nas 220 firmwareeq-
seagate:blackarmor_nas_110_firmwareseagate blackarmor nas 110 firmwareeq-

CPE	Name	Operator	Version
seagate:blackarmor_nas_220_firmware	seagate blackarmor nas 220 firmware	eq	-
seagate:blackarmor_nas_110_firmware	seagate blackarmor nas 110 firmware	eq	-

References

www.exploit-db.com/exploits/33159/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2014-3205

cvelist1 prion1