FKIE_CVE-2012-2568

Vulnerability from fkie_nvd - Published: 2012-05-25 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.
References
cret@cert.orghttp://secunia.com/advisories/49282
cret@cert.orghttp://www.kb.cert.org/vuls/id/515283US Government Resource
cret@cert.orghttp://www.securityfocus.com/bid/53670
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/75854
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49282
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/515283US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53670
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75854
Impacted products
Vendor Product Version
seagate blackarmor_nas *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB0AAF0-1AAE-42A4-B6B2-5A4C75D2F2EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "d41d8cd98f00b204e9800998ecf8427e.php en el servidor web de gesti\u00f3n en el dispositivo Seagate BlackArmor permite a atacantes remotos  cambiar la contrase\u00f1a de administrador a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-2568",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-25T20:55:01.820",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/49282"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/515283"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/53670"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/515283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vendorComments": [
    {
      "comment": "The latest revision of the Seagate Software now includes a fix, which address the previously publicized security hole. We will be communicating this to our installed base of users both by direct email as well as Update notifications sent through the BlackArmor NAS User Interface. \n\nThe software updates can be found here: \nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-110/banas-110-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-220/banas-220-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-440/banas-440-firmware-master-dl/\n\n\n\nNote that there are 3 different versions of the firmware update, which correlate to the number of bays in the hardware (e.g  1-bay, 2-bay and 4-bay).",
      "lastModified": "2012-10-26T00:00:00",
      "organization": "Seagate"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.