CERTVU:903500Seagate and LaCie wireless storage products contain multiple vulnerabilities
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.018 Low
EPSS
Percentile
88.4%
Overview
Multiple Seagate wireless storage products contain multiple vulnerabilities.
Description
CWE-798**: Use of Hard-coded Credentials -**CVE-2015-2874
Some Seagate wireless storage products provide undocumented Telnet services accessible by using the default credentials of ‘root’ as username and the default password.
CWE-425**: Direct Request (‘****Forced Browsing’) -**CVE-2015-2875
Under a default configuration, some Seagate wireless storage products provides an unrestricted file download capability to anonymous attackers with wireless access to the device. An attacker can directly download files from anywhere on the filesystem.
CWE-434**: Unrestricted Upload of File with Dangerous Type****-**CVE-2015-2876
Under a default configuration, some Seagate wireless storage products provides a file upload capability to anonymous attackers with wireless access to the device’s /media/sda2 filesystem. This filesystem is reserved for file-sharing.
These vulnerabilities were confirmed by the reporter as existing in firmware versions 2.2.0.005 and 2.3.0.014, dating to October 2014. Other firmware versions may be affected.
The following devices are impacted by this issue:
* [Seagate Wireless Plus Mobile Storage](<http://www.seagate.com/external-hard-drives/portable-hard-drives/wireless/wireless-plus/>)
* [Seagate Wireless Mobile Storage](<http://www.seagate.com/products/media-video-storage/home-media-storage/wireless/>)
* [LaCie FUEL](<https://www.lacie.com/us/products/product.htm?id=10618>) (note that LaCie is a subsidiary of Seagate since [2012](<http://www.seagate.com/solutions/partners/lacie/>))
* [Seagate GoFlex Satellite](<http://www.seagate.com/goflexsatellite/>)
Impact
A remote unauthenticated attacker may access arbitrary files on the storage device, or gain root access to the device.
Solution
Update the firmware
Seagate has released firmware 3.4.1.105 to address these issues in all affected devices. Affected users are encouraged to update the firmware as soon as possible. Customers may download the firmware from Seagate’s website. Seagate encourages any customer encountering issues to contact customer service at 1-800-SEAGATE.
Vendor Information
903500
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
LaCie __ Affected
Updated: September 08, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The LaCie FUEL is affected (note that LaCie is a subsidiary of Seagate since 2012). Seagate has released firmware 3.4.1.105 to address these issues in all affected devices. Affected users are encouraged to update the firmware as soon as possible. Customers may download the firmware from Seagate’s website. Seagate encourages any customer encountering issues to contact customer service at 1-800-SEAGATE.
Vendor References
Seagate Technology LLC __ Affected
Updated: September 07, 2015
Statement Date: July 20, 2015
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The following devices are impacted by this issue:
* [`Seagate Wireless Plus Mobile Storage`](<http://www.seagate.com/external-hard-drives/portable-hard-drives/wireless/wireless-plus/>)
* [`Seagate Wireless Mobile Storage`](<http://www.seagate.com/products/media-video-storage/home-media-storage/wireless/>)
* [`LaCie FUEL`](<https://www.lacie.com/us/products/product.htm?id=10618>)
* Seagate has released firmware 3.4.1.105 to address these issues in all affected devices. Affected users are encouraged to update the firmware as soon as possible. Customers may download the firmware from . Seagate encourages any customer encountering issues to contact customer service at 1-800-SEAGATE.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.7 | AV:A/AC:L/Au:S/C:C/I:C/A:C |
| Temporal | 6 | E:POC/RL:OF/RC:C |
| Environmental | 4.5 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <https://apps1.seagate.com/downloads/request.html>
- <http://knowledge.seagate.com/articles/en_US/FAQ/207931en>
- <http://cwe.mitre.org/data/definitions/425.html>
- <http://cwe.mitre.org/data/definitions/434.html>
- <http://cwe.mitre.org/data/definitions/798.html>
Acknowledgements
Thanks to Mike Baucom, Allen Harper, and J. Rach of Tangible Security for reporting this vulnerability to us. Tangible Security would also like to publically thank Seagate for their cooperation and desire to make their products and customers more secure. Also thanks to KoreLogic for reporting the GoFlex Satellite vulnerability to Seagate and working with Seagate on a resolution.
This document was written by Garret Wassermann.
Other Information
| CVE IDs: | [CVE-2015-2874 ](<http://web.nvd.nist.gov/vuln/detail/CVE-2015-2874 >), CVE-2015-2875, CVE-2015-2876 |
|---|---|
| Date Public: | 2015-09-01 Date First Published: |
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.018 Low
EPSS
Percentile
88.4%