Seagate.Business.NAS.PreAuthentication.Code.Execution
Description
This indicates an attack attempt against a File Inclusion vulnerability in Seagate Business NAS Web Service.
The vulnerability is caused by an error when handling the language parameter of the CodeIgniter session cookie. It allows a remote attacker to execute arbitrary code on vulnerable systems via a crafted http request.
Affected Products
Seagate Business NAS 2014.00319 and earlier versions
Impact
System Compromise: Remote attacker can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-08-04 | 18.133 | Sig Added |