CVE-2020-6627

Опубликовано: 06 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request.

Ссылки

http://packetstormsecurity.com/files/172590/Seagate-Central-Storage-2015.0916-User-Creation-Command-Execution.html
https://github.com/rapid7/metasploit-framework/pull/12844
Exploit
Issue Tracking
Third Party Advisory
https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/
Exploit
Third Party Advisory
https://www.invictuseurope.com/blog/
Broken Link
http://packetstormsecurity.com/files/172590/Seagate-Central-Storage-2015.0916-User-Creation-Command-Execution.html
https://github.com/rapid7/metasploit-framework/pull/12844
Exploit
Issue Tracking
Third Party Advisory
https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/
Exploit
Third Party Advisory
https://www.invictuseurope.com/blog/
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:seagate:stcg2000300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:seagate:stcg2000300:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:seagate:stcg3000300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:seagate:stcg3000300:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:seagate:stcg4000300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:seagate:stcg4000300:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14059

Средний

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-6q9w-5qvx-ggjm

CVSS3: 9.8

github

около 3 лет назад

EPSS

Процентиль: 94%

0.14059

Средний

9.8 Critical

CVSS3

Дефекты

CWE-78