ID

VAR-201710-0032


CVE

CVE-2013-6924


TITLE

Seagate BlackArmor NAS Command injection vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-006781

DESCRIPTION

Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. The device firmware contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

The Seagate BlackArmor NAS is a network storage device. The BlackArmor NAS 220 storage server is prone to the following remote security vulnerabilities:

1. Multiple cross-site request forgery vulnerabilities
2. Multiple HTML-injection vulnerabilities
3. An arbitrary code-execution vulnerability

Attackers can exploit these issues to perform certain unauthorized actions, execute HTML and script code, steal cookie-based authentication credentials, and execute arbitrary code. Other attacks are possible. BlackArmor NAS 220 running firmware sg2000-2000.1331 is vulnerable; other versions may also be affected.

Seagate BlackArmor NAS is a network storage server from Seagate Corporation of the United States that provides layered protection, incremental data backup, and system backup and recovery for business-critical data.

Trust: 2.61

sources: NVD: CVE-2013-6924 // JVNDB: JVNDB-2013-006781 // CNVD: CNVD-2014-00095 // BID: 64655 // VULHUB: VHN-66926 // VULMON: CVE-2013-6924

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00095

AFFECTED PRODUCTS

vendor: seagate, model: blackarmor nas 220, scope: eq, version: sg2000-2000.1331

Trust: 2.4

vendor: seagate, model: technology llc blackarmor nas sg2000-2000.1331, scope: eq, version: 220

Trust: 0.6

sources: CNVD: CNVD-2014-00095 // JVNDB: JVNDB-2013-006781 // CNNVD: CNNVD-201710-307 // NVD: CVE-2013-6924

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6924
value: CRITICAL

Trust: 1.0

NVD: CVE-2013-6924
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2014-00095
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201710-307
value: CRITICAL

Trust: 0.6

VULHUB: VHN-66926
value: HIGH

Trust: 0.1

VULMON: CVE-2013-6924
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-6924
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2014-00095
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-66926
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2013-6924
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2014-00095 // VULHUB: VHN-66926 // VULMON: CVE-2013-6924 // JVNDB: JVNDB-2013-006781 // CNNVD: CNNVD-201710-307 // NVD: CVE-2013-6924

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-66926 // JVNDB: JVNDB-2013-006781 // NVD: CVE-2013-6924

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-307

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-307

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006781

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-66926 // VULMON: CVE-2013-6924

PATCH

title: BlackArmor NAS 220
url: https://www.seagate.com/jp/ja/support/external-hard-drives/network-storage/blackarmor-nas-220/

Trust: 0.8

sources: JVNDB: JVNDB-2013-006781

EXTERNAL IDS

db: NVD, id: CVE-2013-6924

Trust: 3.5

db: BID, id: 64655

Trust: 2.7

db: PACKETSTORM, id: 124688

Trust: 2.6

db: EXPLOIT-DB, id: 30725

Trust: 0.8

db: JVNDB, id: JVNDB-2013-006781

Trust: 0.8

db: CNNVD, id: CNNVD-201710-307

Trust: 0.7

db: CNVD, id: CNVD-2014-00095

Trust: 0.6

db: EXPLOIT-DB, id: 30723

Trust: 0.1

db: SEEBUG, id: SSVID-84090

Trust: 0.1

db: SEEBUG, id: SSVID-84092

Trust: 0.1

db: SEEBUG, id: SSVID-61288

Trust: 0.1

db: VULHUB, id: VHN-66926

Trust: 0.1

db: VULMON, id: CVE-2013-6924

Trust: 0.1

sources: CNVD: CNVD-2014-00095 // VULHUB: VHN-66926 // VULMON: CVE-2013-6924 // BID: 64655 // JVNDB: JVNDB-2013-006781 // CNNVD: CNNVD-201710-307 // NVD: CVE-2013-6924

REFERENCES

url:http://packetstormsecurity.com/files/124688/seagate-blackarmor-nas-sg2000-2000.1331-remote-command-execution.html

Trust: 2.6

url:http://www.securityfocus.com/bid/64655

Trust: 1.9

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90109

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6924

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-6924

Trust: 0.8

url:http://www.exploit-db.com/exploits/30725/

Trust: 0.7

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2014-00095 // VULHUB: VHN-66926 // VULMON: CVE-2013-6924 // JVNDB: JVNDB-2013-006781 // CNNVD: CNNVD-201710-307 // NVD: CVE-2013-6924

CREDITS

Jeroen - IT Nerdbox

Trust: 0.3

sources: BID: 64655

SOURCES

db: CNVD, id: CNVD-2014-00095
db: VULHUB, id: VHN-66926
db: VULMON, id: CVE-2013-6924
db: BID, id: 64655
db: JVNDB, id: JVNDB-2013-006781
db: CNNVD, id: CNNVD-201710-307
db: NVD, id: CVE-2013-6924

LAST UPDATE DATE

2025-04-20T23:25:56.900000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-00095, date: 2014-01-08T00:00:00
db: VULHUB, id: VHN-66926, date: 2017-11-03T00:00:00
db: VULMON, id: CVE-2013-6924, date: 2017-11-03T00:00:00
db: BID, id: 64655, date: 2015-03-19T09:05:00
db: JVNDB, id: JVNDB-2013-006781, date: 2017-11-10T00:00:00
db: CNNVD, id: CNNVD-201710-307, date: 2017-10-13T00:00:00
db: NVD, id: CVE-2013-6924, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-00095, date: 2014-01-08T00:00:00
db: VULHUB, id: VHN-66926, date: 2017-10-11T00:00:00
db: VULMON, id: CVE-2013-6924, date: 2017-10-11T00:00:00
db: BID, id: 64655, date: 2014-01-06T00:00:00
db: JVNDB, id: JVNDB-2013-006781, date: 2017-11-10T00:00:00
db: CNNVD, id: CNNVD-201710-307, date: 2017-10-13T00:00:00
db: NVD, id: CVE-2013-6924, date: 2017-10-11T12:29:00.207