Adding Seagate Central Storage SSH User Add (CVE-2020-6627) Module #12844

Closed
wants to merge 10 commits into from


EgeBalci
Contributor

@EgeBalci EgeBalci commented Jan 16, 2020

Bonjour again

This module exploits the broken access control vulnerability (CVE-2020-6627) of the Seagate Central Storage NAS product and adds a new system user. An unauthenticated user can access the NAS device by adding a new system user with root privileges.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/linux/http/seagate_central_ssh_user_add
  • Set RHOST
  • Set RPORT
  • Run exploit
  • Verify that you are seeing State successfully changed !
  • Verify that you are seeing User: ... and Pass: ...
  • Verify that you are getting an SSH session.

Technical Details and MSF Module in Asciinema
https://pentest.blog/advisory-seagate-central-storage-remote-code-execution/

@bwatters-r7 added the needs-testing-environment label (PRs that need community testing and/or vulnerable test targets before they're able to be landed) on Feb 14, 2020
@bwatters-r7
Contributor

Hi there, @EgeBalci! It looks like no one has one of these devices handy and can test it. Can you send a pcap and screenshots of it working and logging in as a new user? You can email msfdev[at]rapid7.com

@EgeBalci
Contributor Author

Hi, I have tested this module many times, and it worked fine in all cases. And there are plenty of vulnerable devices exposed to the internet that can be validated. You can search with this Shodan query. Also, the advisory contains an asciinema recording of the module. Please try to test/validate by these means because my personal device is at my workplace, which is in quarantine because of COVID-19 😢

@h00die
Contributor

h00die commented Mar 25, 2020

Testing a module against devices you don't own or don't have authorization to test, like those on shodan, would be illegal.

@smcintyre-r7
Contributor

Since we can't merge this without testing it and we don't have access to (and legal authorization) for testing this vulnerability, I'm going to mark this as attic and close it out. If at a later point in time we can get a PCap, or access and authorization for testing, we'd be happy to revisit it at that time.

Thanks a lot for the contribution!

@smcintyre-r7 added the attic label (Older submissions that we still want to work on again) on Apr 13, 2020
Labels

  • attic: Older submissions that we still want to work on again
  • docs
  • module
  • needs-testing-environment: PRs that need community testing and/or vulnerable test targets before they're able to be landed
6 participants