製品・ソフトウェアに関する情報

JVN脆弱性詳細

Seagate Business NAS デバイスのファームウェアにおける任意のコードを実行される脆弱性

Title	Seagate Business NAS デバイスのファームウェアにおける任意のコードを実行される脆弱性
Summary	Seagate Business NAS デバイスのファームウェアには、任意のコードを実行される脆弱性が存在します。
Possible impacts	リモートの攻撃者により、トークンセッションの生成に静的な暗号鍵の使用を利用されることで、root 権限で任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 9, 2014, midnight
Registration Date	July 6, 2017, 12:24 p.m.
Last Update	July 6, 2017, 12:24 p.m.

Affected System

Seagate Technology LLC

Business NAS ファームウェア 2015.00322 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-8687	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8687
National Vulnerability Database (NVD)
2	CVE-2014-8687	https://nvd.nist.gov/vuln/detail/CVE-2014-8687

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-327	https://cwe.mitre.org/data/definitions/327.html

ベンダー情報

No	Name	URL
Seagate
1	Top Page	http://www.seagate.com/

その他

No	Name	URL
関連文書
1	Seagate Business NAS 2014.00319 Remote Code Execution	https://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html

Change Log

No	Changed Details	Date of change
0	[2017年07月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-8687

Summary	Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens.
Publication Date	June 9, 2017, 1:29 a.m.
Registration Date	Jan. 26, 2021, 3:21 p.m.
Last Update	Nov. 21, 2024, 11:19 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:seagate:business_nas_firmware:2014.00319:::::::*
execution environment
1	cpe:2.3:h:seagate:business_nas:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html	Exploit Third Party Advisory
2	http://packetstormsecurity.com/files/130585/Seagate-Business-NAS-2014.00319-Remote-Code-Execution.html	Exploit Third Party Advisory
3	http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html	Exploit Third Party Advisory
4	http://packetstormsecurity.com/files/130609/Seagate-Business-NAS-Unauthenticated-Remote-Command-Execution.html	Exploit Third Party Advisory
5	http://www.securityfocus.com/bid/72831	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/72831	Third Party Advisory VDB Entry
7	https://beyondbinary.io/articles/seagate-nas-rce/	Third Party Advisory
8	https://beyondbinary.io/articles/seagate-nas-rce/	Third Party Advisory
9	https://www.exploit-db.com/exploits/36202/	Exploit Third Party Advisory VDB Entry
10	https://www.exploit-db.com/exploits/36202/	Exploit Third Party Advisory VDB Entry
11	https://www.exploit-db.com/exploits/36264/	Exploit Third Party Advisory VDB Entry
12	https://www.exploit-db.com/exploits/36264/	Exploit Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html