Sign-up

ID

VAR-201706-0189


CVE

CVE-2014-8687


TITLE

Seagate Business NAS Vulnerability to execute arbitrary code in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-008320

DESCRIPTION

Seagate Business NAS devices with firmware before 2015.00322 allow remote attackers to execute arbitrary code with root privileges by leveraging use of a static encryption key to create session tokens. Seagate Business Storage 2-Bay NAS is prone to a remote-code-execution vulnerability. Failed exploit attempts will cause a denial-of-service condition

Trust: 2.07

sources: NVD: CVE-2014-8687 // JVNDB: JVNDB-2014-008320 // BID: 72831 // VULHUB: VHN-76632 // VULMON: CVE-2014-8687

AFFECTED PRODUCTS

vendor:seagatemodel:business nasscope:eqversion:2014.00319

Trust: 1.6

vendor:seagatemodel:business nasscope:ltversion:2015.00322

Trust: 0.8

vendor:seagatemodel:business storage 2-bay nasscope:eqversion:2014.00319

Trust: 0.3

vendor:seagatemodel:business storage 2-bay nasscope:eqversion:2013.60311

Trust: 0.3

sources: BID: 72831 // JVNDB: JVNDB-2014-008320 // CNNVD: CNNVD-201503-218 // NVD: CVE-2014-8687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8687
value: CRITICAL

Trust: 1.0

NVD: CVE-2014-8687
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201503-218
value: CRITICAL

Trust: 0.6

VULHUB: VHN-76632
value: HIGH

Trust: 0.1

VULMON: CVE-2014-8687
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8687
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-76632
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-8687
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-76632 // VULMON: CVE-2014-8687 // JVNDB: JVNDB-2014-008320 // CNNVD: CNNVD-201503-218 // NVD: CVE-2014-8687

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.9

sources: VULHUB: VHN-76632 // JVNDB: JVNDB-2014-008320 // NVD: CVE-2014-8687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-218

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201503-218

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008320

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-76632 // 
            
            
            
            VULMON: CVE-2014-8687

PATCH
title:Top Pageurl:http://www.seagate.com/
Trust: 0.8
title:sbarurl:https://github.com/dino213dz/sbar 
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2015/03/10/seagate_that_remote_0day_aint_so_bad_well_patch_it_in_two_months/
Trust: 0.1
title:The Registerurl:https://www.theregister.co.uk/2015/03/02/seagate_nas_owner_hide_it_behind_a_firewall/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2014-8687 // 
            
            
            
            JVNDB: JVNDB-2014-008320

EXTERNAL IDS
db:NVDid:CVE-2014-8687
Trust: 2.9
db:PACKETSTORMid:130585
Trust: 2.6
db:BIDid:72831
Trust: 2.1
db:PACKETSTORMid:130609
Trust: 1.8
db:EXPLOIT-DBid:36264
Trust: 1.8
db:EXPLOIT-DBid:36202
Trust: 1.8
db:JVNDBid:JVNDB-2014-008320
Trust: 0.8
db:CNNVDid:CNNVD-201503-218
Trust: 0.7
db:SEEBUGid:SSVID-89325
Trust: 0.1
db:SEEBUGid:SSVID-89319
Trust: 0.1
db:VULHUBid:VHN-76632
Trust: 0.1
db:VULMONid:CVE-2014-8687
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76632 // 
            
            
            
            VULMON: CVE-2014-8687 // 
            
            
            
            BID: 72831 // 
            
            
            
            JVNDB: JVNDB-2014-008320 // 
            
            
            
            CNNVD: CNNVD-201503-218 // 
            
            
            
            NVD: CVE-2014-8687

REFERENCES
url:http://packetstormsecurity.com/files/130585/seagate-business-nas-2014.00319-remote-code-execution.html
Trust: 2.6
url:http://www.securityfocus.com/bid/72831
Trust: 1.9
url:https://www.exploit-db.com/exploits/36202/
Trust: 1.9
url:https://www.exploit-db.com/exploits/36264/
Trust: 1.8
url:http://packetstormsecurity.com/files/130609/seagate-business-nas-unauthenticated-remote-command-execution.html
Trust: 1.8
url:https://beyondbinary.io/articles/seagate-nas-rce/
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8687
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-8687
Trust: 0.8
url:https://beyondbinary.io/advisory/seagate-nas-rce/
Trust: 0.3
url:http://www.seagate.com/gb/en/support/external-hard-drives/network-storage/business-storage-2-bay-nas/
Trust: 0.3
url:http://www.seagate.com/gb/en/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/327.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/dino213dz/sbar
Trust: 0.1
sources:
            
            
            VULHUB: VHN-76632 // 
            
            
            
            VULMON: CVE-2014-8687 // 
            
            
            
            BID: 72831 // 
            
            
            
            JVNDB: JVNDB-2014-008320 // 
            
            
            
            CNNVD: CNNVD-201503-218 // 
            
            
            
            NVD: CVE-2014-8687

CREDITS
OJ Reeves
Trust: 0.9
sources:
            
            
            BID: 72831 // 
            
            
            
            CNNVD: CNNVD-201503-218

SOURCES
db:VULHUBid:VHN-76632
db:VULMONid:CVE-2014-8687
db:BIDid:72831
db:JVNDBid:JVNDB-2014-008320
db:CNNVDid:CNNVD-201503-218
db:NVDid:CVE-2014-8687

LAST UPDATE DATE
2025-04-20T23:24:54.175000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-76632date:2017-06-16T00:00:00
db:VULMONid:CVE-2014-8687date:2017-06-16T00:00:00
db:BIDid:72831date:2015-03-01T00:00:00
db:JVNDBid:JVNDB-2014-008320date:2017-07-06T00:00:00
db:CNNVDid:CNNVD-201503-218date:2017-06-09T00:00:00
db:NVDid:CVE-2014-8687date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-76632date:2017-06-08T00:00:00
db:VULMONid:CVE-2014-8687date:2017-06-08T00:00:00
db:BIDid:72831date:2015-03-01T00:00:00
db:JVNDBid:JVNDB-2014-008320date:2017-07-06T00:00:00
db:CNNVDid:CNNVD-201503-218date:2015-03-10T00:00:00
db:NVDid:CVE-2014-8687date:2017-06-08T16:29:00.247