CVE-2012-2568

{"id": "CVE-2012-2568", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-05-25T20:55:01.820", "references": [{"url": "http://secunia.com/advisories/49282", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/515283", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/53670", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/49282", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/515283", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/53670", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors."}, {"lang": "es", "value": "d41d8cd98f00b204e9800998ecf8427e.php en el servidor web de gesti\u00f3n en el dispositivo Seagate BlackArmor permite a atacantes remotos cambiar la contrase\u00f1a de administrador a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T01:39:14.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB0AAF0-1AAE-42A4-B6B2-5A4C75D2F2EE"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The latest revision of the Seagate Software now includes a fix, which address the previously publicized security hole. We will be communicating this to our installed base of users both by direct email as well as Update notifications sent through the BlackArmor NAS User Interface. \n\nThe software updates can be found here: \nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-110/banas-110-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-220/banas-220-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-440/banas-440-firmware-master-dl/\n\n\n\nNote that there are 3 different versions of the firmware update, which correlate to the number of bays in the hardware (e.g 1-bay, 2-bay and 4-bay).", "lastModified": "2012-10-26T00:00:00", "organization": "Seagate"}], "sourceIdentifier": "cret@cert.org"}