CVE-2012-2568 - OpenCVE

d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Seagate	Blackarmor Nas

Configuration 1 [-]

cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/49282
http://www.kb.cert.org/vuls/id/515283
http://www.securityfocus.com/bid/53670
https://exchange.xforce.ibmcloud.com/vulnerabilities/75854

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-05-25T20:00:00

Updated: 2024-08-06T19:34:25.947Z

Reserved: 2012-05-09T00:00:00

Link: CVE-2012-2568

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-05-25T20:55:01.820

Modified: 2017-08-29T01:31:37.680

Link: CVE-2012-2568

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "53670", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53670"}, {"name": "blackarmor-network-sec-bypass(75854)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854"}, {"name": "49282", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49282"}, {"name": "VU#515283", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/515283"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2568", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "53670", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53670"}, {"name": "blackarmor-network-sec-bypass(75854)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854"}, {"name": "49282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49282"}, {"name": "VU#515283", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/515283"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:34:25.947Z"}, "title": "CVE Program Container", "references": [{"name": "53670", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53670"}, {"name": "blackarmor-network-sec-bypass(75854)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854"}, {"name": "49282", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49282"}, {"name": "VU#515283", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/515283"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2568", "datePublished": "2012-05-25T20:00:00", "dateReserved": "2012-05-09T00:00:00", "dateUpdated": "2024-08-06T19:34:25.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:seagate:blackarmor_nas:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EB0AAF0-1AAE-42A4-B6B2-5A4C75D2F2EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors."}, {"lang": "es", "value": "d41d8cd98f00b204e9800998ecf8427e.php en el servidor web de gesti\u00f3n en el dispositivo Seagate BlackArmor permite a atacantes remotos cambiar la contrase\u00f1a de administrador a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-2568", "lastModified": "2017-08-29T01:31:37.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-25T20:55:01.820", "references": [{"source": "cret@cert.org", "url": "http://secunia.com/advisories/49282"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/515283"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/53670"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75854"}], "sourceIdentifier": "cret@cert.org", "vendorComments": [{"comment": "The latest revision of the Seagate Software now includes a fix, which address the previously publicized security hole. We will be communicating this to our installed base of users both by direct email as well as Update notifications sent through the BlackArmor NAS User Interface. \n\nThe software updates can be found here: \nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-110/banas-110-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-220/banas-220-firmware-master-dl/\nhttp://www.seagate.com/support/external-hard-drives/network-storage/blackarmor-nas-440/banas-440-firmware-master-dl/\n\n\n\nNote that there are 3 different versions of the firmware update, which correlate to the number of bays in the hardware (e.g 1-bay, 2-bay and 4-bay).", "lastModified": "2012-10-26T00:00:00", "organization": "Seagate"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}