ID

VAR-201401-0161


CVE

CVE-2013-6923


TITLE

Seagate BlackArmor NAS 220 Cross-site scripting vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-001028

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.

The Seagate BlackArmor NAS is a network storage device. The workgroup configuration is subject to a persistent cross-site scripting attack. When a user is added to the device, the application does not properly filter the user name field data, allowing the attacker to exploit the vulnerability to inject malicious scripts or HTML code.

BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities:
1. Multiple cross-site request forgery vulnerabilities
2. Multiple HTML-injection vulnerabilities
3. An arbitrary code-execution vulnerability

Attackers can exploit these issues to perform certain unauthorized actions, execute HTML and script code and steal cookie-based authentication credentials and execute arbitrary code. Other attacks are possible. BlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected.

It can provide layered protection, data increment and system backup and recovery for business-critical data. The vulnerability is caused by the admin/access_control_user_edit.php script not adequately filtering the 'fullname' parameter and the admin/network_workgroup_domain.php script not properly filtering the 'workname' parameter.
# Exploit Title: Seagate BlackArmor NAS - Multiple Persistent Cross Site Scripting Vulnerabilities
# Google Dork: N/A
# Date: 04-01-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.seagate.com/
# Software Link: http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/
# Version: sg2000-2000.1331
# Tested on: N/A
# CVE : CVE-2013-6923
#
## Description:
#
# When adding a user to the device, it is possible to enter a full name. This input field does not
# sanitize its input and it is possible to enter any payload which will get executed upon reload. The Work Group name input
# field does not sanitize its input.
#
# This vulnerability was reported to Seagate in September 2013, they stated that this will not be fixed.
#
## Proof of Concept #1:
#
# POST: http(s)://<url | ip>/admin/access_control_user_edit.php?id=2&lang=en
# Parameters:
#
# index = 2
# fullname = <script>alert(1);</script>
# submit = Submit
#
#
## Proof of Concept #2:
#
# POST: http(s)://<url | ip>/admin/network_workgroup_domain.php?lang=en&gi=n003
# Parameter:
#
# workname = "><input onmouseover=prompt(1) >

Trust: 2.61

sources: NVD: CVE-2013-6923 // JVNDB: JVNDB-2014-001028 // CNVD: CNVD-2014-00094 // BID: 64655 // VULHUB: VHN-66925 // PACKETSTORM: 124685

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00094

AFFECTED PRODUCTS

vendor: seagate | model: blackarmor nas 220 | scope: eq | version: sg2000-2000.1331

Trust: 2.4

vendor: seagate | model: blackarmor nas 220 | scope: eq | version: st320005lsa10g-rk

Trust: 1.8

vendor: seagate | model: blackarmor nas 220 | scope: eq | version: st340005lsa10g-rk

Trust: 1.8

vendor: seagate | model: blackarmor nas 220 | scope: eq | version: stav6000100

Trust: 1.8

vendor: seagate | model: technology llc blackarmor nas sg2000-2000.1331 | scope: eq | version: 220

Trust: 0.6

sources: CNVD: CNVD-2014-00094 // JVNDB: JVNDB-2014-001028 // CNNVD: CNNVD-201401-126 // NVD: CVE-2013-6923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6923
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6923
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00094
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-126
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66925
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6923
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00094
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66925
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00094 // VULHUB: VHN-66925 // JVNDB: JVNDB-2014-001028 // CNNVD: CNNVD-201401-126 // NVD: CVE-2013-6923

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-66925 // JVNDB: JVNDB-2014-001028 // NVD: CVE-2013-6923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-126

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 124685 // CNNVD: CNNVD-201401-126

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001028

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66925

PATCH

title: BlackArmor NAS 220 | url: http://www.seagate.com/jp/ja/external-hard-drives/network-storage/business/blackarmor-nas-220/

Trust: 0.8

sources: JVNDB: JVNDB-2014-001028

EXTERNAL IDS

db: NVD | id: CVE-2013-6923

Trust: 3.5

db: PACKETSTORM | id: 124685

Trust: 2.6

db: EXPLOIT-DB | id: 30727

Trust: 2.3

db: XF | id: 90111

Trust: 1.4

db: BID | id: 64655

Trust: 0.9

db: JVNDB | id: JVNDB-2014-001028

Trust: 0.8

db: CNNVD | id: CNNVD-201401-126

Trust: 0.7

db: CNVD | id: CNVD-2014-00094

Trust: 0.6

db: XF | id: 20136923

Trust: 0.6

db: SEEBUG | id: SSVID-84094

Trust: 0.1

db: VULHUB | id: VHN-66925

Trust: 0.1

sources: CNVD: CNVD-2014-00094 // VULHUB: VHN-66925 // BID: 64655 // JVNDB: JVNDB-2014-001028 // PACKETSTORM: 124685 // CNNVD: CNNVD-201401-126 // NVD: CVE-2013-6923

REFERENCES

url:http://packetstormsecurity.com/files/124685

Trust: 2.5

url:http://www.exploit-db.com/exploits/30727

Trust: 1.7

url:http://xforce.iss.net/xforce/xfdb/90111

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90111

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6923

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6923

Trust: 0.8

url:http://www.exploit-db.com/exploits/30727/

Trust: 0.6

url:http://www.seagate.com/support/downloads/item/banas-220-firmware-master-dl/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-6923

Trust: 0.1

url:http://www.seagate.com/

Trust: 0.1

sources: CNVD: CNVD-2014-00094 // VULHUB: VHN-66925 // JVNDB: JVNDB-2014-001028 // PACKETSTORM: 124685 // CNNVD: CNNVD-201401-126 // NVD: CVE-2013-6923

CREDITS

Jeroen - IT Nerdbox

Trust: 0.3

sources: BID: 64655

SOURCES

db: CNVD | id: CNVD-2014-00094
db: VULHUB | id: VHN-66925
db: BID | id: 64655
db: JVNDB | id: JVNDB-2014-001028
db: PACKETSTORM | id: 124685
db: CNNVD | id: CNNVD-201401-126
db: NVD | id: CVE-2013-6923

LAST UPDATE DATE

2025-04-11T22:48:24.323000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2014-00094 | date: 2014-01-08T00:00:00
db: VULHUB | id: VHN-66925 | date: 2017-08-29T00:00:00
db: BID | id: 64655 | date: 2015-03-19T09:05:00
db: JVNDB | id: JVNDB-2014-001028 | date: 2014-01-14T00:00:00
db: CNNVD | id: CNNVD-201401-126 | date: 2014-01-10T00:00:00
db: NVD | id: CVE-2013-6923 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2014-00094 | date: 2014-01-08T00:00:00
db: VULHUB | id: VHN-66925 | date: 2014-01-09T00:00:00
db: BID | id: 64655 | date: 2014-01-06T00:00:00
db: JVNDB | id: JVNDB-2014-001028 | date: 2014-01-14T00:00:00
db: PACKETSTORM | id: 124685 | date: 2014-01-06T13:02:22
db: CNNVD | id: CNNVD-201401-126 | date: 2014-01-10T00:00:00
db: NVD | id: CVE-2013-6923 | date: 2014-01-09T18:55:08.150