Executive Summary

This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration.

Summary

Title: Seagate and LaCie wireless storage products contain multiple vulnerabilities

Information

Name: VU#903500
Vendor: VU-CERT
Severity (Vendor): N/A
First vendor publication: 2015-09-01
Last vendor modification: 2015-09-10
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A    Environmental score: N/A
Impact subscore: N/A    Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10    Attack range: Network
CVSS impact score: 10    Attack complexity: Low
CVSS exploit score: 10    Authentication: None required

Detail

Vulnerability Note VU#903500

Seagate and LaCie wireless storage products contain multiple vulnerabilities

Original Release date: 01 Sep 2015 | Last revised: 10 Sep 2015

Overview

Multiple Seagate wireless storage products contain multiple vulnerabilities.

Description

CWE-798: Use of Hard-coded Credentials - CVE-2015-2874

Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of 'root' as username and the default password.

CWE-425: Direct Request ('Forced Browsing') - CVE-2015-2875

Under a default configuration, some Seagate wireless storage products provide an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.

CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2015-2876

Under a default configuration, some Seagate wireless storage products provide a file upload capability to anonymous attackers with wireless access to the device's /media/sda2 filesystem. This filesystem is reserved for file-sharing.

These vulnerabilities were confirmed by the reporter as existing in firmware versions 2.2.0.005 and 2.3.0.014, dating to October 2014. Other firmware versions may be affected.

The following devices are impacted by this issue:

  • Seagate Wireless Plus Mobile Storage
  • Seagate Wireless Mobile Storage
  • LaCie FUEL (note that LaCie is a subsidiary of Seagate since 2012)

Impact

A remote unauthenticated attacker may access arbitrary files on the storage device, or gain root access to the device.

Solution

Update the firmware
Seagate has released firmware 3.4.1.105 to address these issues in all affected devices. Affected users are encouraged to update the firmware as soon as possible. Customers may download the firmware from Seagate's website. Seagate encourages any customer encountering issues to contact customer service at 1-800-SEAGATE.

Vendor Information

Vendor | Status | Date Notified | Date Updated
LaCie | Affected | - | 08 Sep 2015
Seagate Technology LLC | Affected | - | 07 Sep 2015

CVSS Metrics

Group | Score | Vector
Base | 7.7 | AV:A/AC:L/Au:S/C:C/I:C/A:C
Temporal | 6.0 | E:POC/RL:OF/RC:C
Environmental | 4.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • https://apps1.seagate.com/downloads/request.html
  • http://knowledge.seagate.com/articles/en_US/FAQ/207931en
  • http://cwe.mitre.org/data/definitions/425.html
  • http://cwe.mitre.org/data/definitions/434.html
  • http://cwe.mitre.org/data/definitions/798.html

Credit

Thanks to Mike Baucom, Allen Harper, and J. Rach of Tangible Security for reporting this vulnerability to us. Tangible Security would also like to publicly thank Seagate for their cooperation and desire to make their products and customers more secure.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-2874, CVE-2015-2875, CVE-2015-2876
  • Date Public: 01 Sep 2015
  • Date First Published: 01 Sep 2015
  • Date Last Updated: 10 Sep 2015
  • Document Revision: 60

Original Source

Url : http://www.kb.cert.org/vuls/id/903500

CWE : Common Weakness Enumeration

% | Id | Name
50 % | CWE-255 | Credentials Management
50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Hardware | | 1
Hardware | | 1
Hardware | | 1
Os | | 1
Os | | 1

Snort® IPS/IDS

Date | Description
2016-03-14 | Seagate GoFlex Satellite hidden credentials authentication attempt
  Rule ID: 37147 - Revision: 2 - Type: SERVER-OTHER

Alert History

Date | Information
2016-01-01 00:28:04
  • Multiple Updates
2015-12-31 21:28:35
  • Multiple Updates
2015-12-31 09:27:36
  • Multiple Updates
2015-09-10 17:23:41
  • Multiple Updates
2015-09-08 21:26:02
  • Multiple Updates
2015-09-08 17:25:59
  • Multiple Updates
2015-09-08 05:30:26
  • Multiple Updates
2015-09-02 21:24:23
  • Multiple Updates
2015-09-02 00:22:53
  • First insertion