Intrusion Prevention

Seagate.Media.Server.Command.Injection

Description

This indicates an attack attempt to exploit a Command Injection vulnerability in Seagate Media Server.
The vulnerability is due to improper validation of HTTP request parameters by the application. A remote attacker may be able to exploit this to execute arbitrary system commands with root privileges, via a crafted HTTP request.

Affected Products

Seagate Media Server in Seagate Personal Cloud all versions

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

We currently unaware of any vendor supplied patches available for this issue.

CVE References

CVE-2018-5347