New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding Seagate Central Storage SSH User Add (CVE-2020-6627) Module #12844
Conversation
documentation/modules/exploit/linux/http/seagate_central_ssh_user_add.md
Outdated
Show resolved
Hide resolved
documentation/modules/exploit/linux/http/seagate_central_ssh_user_add.md
Show resolved
Hide resolved
…ser_add.md Co-Authored-By: bcoles <bcoles@gmail.com>
Co-Authored-By: bcoles <bcoles@gmail.com>
Co-Authored-By: bcoles <bcoles@gmail.com>
Co-Authored-By: bcoles <bcoles@gmail.com>
Co-Authored-By: bcoles <bcoles@gmail.com>
|
Hi there, @EgeBalci! It looks like no one has one of these devices handy and can test it. Can you send a pcap and screenshots of it working and logging in as a new user? You can email msfdev[at]rapid7.com |
|
Hi, I have tested this module many times, it worked fine in all cases. And there are plenty of vulnerable devices exposed to internet that can be validated. You can search with this shodan query. Also advisory contains a asciinema recording of the module. Please try to test/validate by these means because my personal device is at my workplace which is in quarantine because of COVID-19 |
|
Testing a module against devices you don't own or don't have authorization to test, like those on shodan, would be illegal. |
|
Since we can't merge this without testing it and we don't have access to (and legal authorization) for testing this vulnerability, I'm got to mark this as Thanks alot for the contribution! |
Bonjour again✋
This module exploits the broken access control vulnerability (CVE-2020-6627) of Seagate Central Storage NAS product and adds a new system user. An unauthenticated user can access the NAS device via adding a new system user with root privileges.
Verification
List the steps needed to make sure this thing works
msfconsoleuse exploit/linux/http/seagate_central_ssh_user_addRHOSTRPORTexploitState successfully changed !User: ...andPass: ...Technical Details and MSF Module in Asciinema
https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/