Jan 21, 2014 - 4:06 p.m.

CVE-2013-6922

2014-01-21 16:06:19
CWE-352
web.nvd.nist.gov
cve-2013-6922
cross-site request forgery
csrf
seagate blackarmor nas 220
firmware vulnerabilities
remote authentication hijacking

CVSS2: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 9.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 62.2%)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.

Affected configurations

NVD

Node:
seagate blackarmor_nas_220_firmware Match sg2000-2000.1331
AND
seagate blackarmor_nas_220 Match st320005lsa10g-rk
OR
seagate blackarmor_nas_220 Match st340005lsa10g-rk
OR
seagate blackarmor_nas_220 Match stav6000100
