CVE-2012-2568

d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/49282
http://www.kb.cert.org/vuls/id/515283	US Government Resource
http://www.securityfocus.com/bid/53670
https://exchange.xforce.ibmcloud.com/vulnerabilities/75854

Configurations

Configuration 1 (hide)

cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-05-25 20:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-2568

Mitre link : CVE-2012-2568

CVE.ORG link : CVE-2012-2568

JSON object : View

Products Affected

seagate

blackarmor_nas

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2012-2568", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-05-25T20:55:01.820", "references": [{"url": "http://secunia.com/advisories/49282", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/515283", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/53670", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors."}, {"lang": "es", "value": "d41d8cd98f00b204e9800998ecf8427e.php en el servidor web de gesti\u00f3n en el dispositivo Seagate BlackArmor permite a atacantes remotos cambiar la contrase\u00f1a de administrador a trav\u00e9s de vectores no especificados."}], "lastModified": "2017-08-29T01:31:37.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB0AAF0-1AAE-42A4-B6B2-5A4C75D2F2EE"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The latest revision of the Seagate Software now includes a fix, which address the previously publicized security hole. We will be communicating this to our installed base of users both by direct email as well as Update notifications sent through the BlackArmor NAS User Interface. \n\nThe software updates can be found here: \nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-110/banas-110-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-220/banas-220-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-440/banas-440-firmware-master-dl/\n\n\n\nNote that there are 3 different versions of the firmware update, which correlate to the number of bays in the hardware (e.g 1-bay, 2-bay and 4-bay).", "lastModified": "2012-10-26T00:00:00", "organization": "Seagate"}], "sourceIdentifier": "cret@cert.org"}