Vulnerability Details : CVE-2012-2568
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
Products affected by CVE-2012-2568
- cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2568
0.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 77 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2568
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2012-2568
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2012-2568
-
Seagate 2012-10-26The latest revision of the Seagate Software now includes a fix, which address the previously publicized security hole. We will be communicating this to our installed base of users both by direct email as well as Update notifications sent through the BlackArmor NAS User Interface. The software updates can be found here: http://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-110/banas-110-firmware-master-dl/ http://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-220/banas-220-firmware-master-dl/ http://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-440/banas-440-firmware-master-dl/ Note that there are 3 different versions of the firmware update, which correlate to the number of bays in the hardware (e.g 1-bay, 2-bay and 4-bay).
References for CVE-2012-2568
-
http://www.kb.cert.org/vuls/id/515283
VU#515283 - Seagate BlackArmor device static administrator password reset vulnerabilityUS Government Resource
-
http://www.securityfocus.com/bid/53670
BlackArmor Network Administrator Password Reset Security Bypass Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75854
Seagate BlackArmor network security bypass CVE-2012-2568 Vulnerability Report
Jump to