This month only – get free shipping with no minimum purchase! Order early to avoid holiday shipping delays. Shop now
Find the perfect storage for your loved ones with our holiday gift guide! Shop now
Open

Seagate Security Advisories

To report a security vulnerability, please go to the Seagate Responsible Vulnerability Disclosure Policy, fill out and submit the vulnerability form.

 

Issue Products Solution Release Date
CVE-2022-37434
CVE-2018-25032
RAID enabled SeaChest and SeaDragon

Some versions of RAID enabled SeaDragon and RAID enabled SeaChest use a third-party RAID library that contains zlib vulnerabilities. The build dates for the affected versions are as follows: Build dates for SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R:

April 8 - 15, 2022
July 26 - Aug 4, 2022
March 2 - 9, 2023
March 28 - April 4, 2023

Running the tool with the following command will display the build date and "RAID Enabled" in the banner: --version
RAID enabled SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R with a build date of December 4, 2023, and later have remediated the vulnerabilities for the following: Microchip, PMC and HPE SmartRAID or SmartHBA Controllers.
  • Latest version of SeaChest
  • For the latest version of SeaDragon, contact your Seagate Customer Support Engineer
At this time, Windows versions of SeaDragon and SeaChest released December 4, 2023, or later do not support Adaptec Controllers Series 8. There is not a current workaround for these controllers on Windows.
December 4, 2023
CVE-2023-48795 Exos X 3005 Hybrid Storage Arrays

Exos X 4005 Hybrid Storage Arrays

Exos X 5005 Hybrid Storage Arrays
Vulnerability is exploited with specific ciphers: there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). Mitigations by removal of the ciphers can done on either server side or client side to be effective. 

For the client side, an end user can remove the two ciphers from the default offered ciphers.

For the server side, Exos X firmware G280R014-01 will not be remediated.
Products are EOL. Fix and intercept with future planned release.

This column will be updated if a fix becomes available.
CVE-2022-38392 Seagate Backup Plus Desktop 4TB (STDT4000100) Seagate products are designed to operate within defined acoustic, shock, and vibration tolerances. Exceeding defined tolerances, as stated in the product specifications, may cause product failures and void the product warranty. Users should ensure the products operate in an environment that meets Seagate's operating environment specifications 8/29/23

Pre-Auth Remote Code Execution (RCE) Vulnerability

LaCie Cloudbox 2.6.11.1 (Cloudbox) 6/17/2021

NetworkSpace 2 Products:


  • Network Space 2
  • Network Space Max
  • d2 Network 2
  • 2big Network 2
  • 5big Network 2

2.2.12.3


6/17/2021

 CVE-2016-2118 - (a.k.a Badlock)

LaCie 5Big NAS Pro
LaCie 2Big NAS
LaCie Cloudbox
4.2.11.1
4.2.11.1
2.6.11.0
6/15/2016

 CVE-2016-2118 - (a.k.a Badlock)

Seagate NAS
Seagate NAS Pro
Seagate Business Storage Rackmount 4-Bay NAS
Segate Business Storage Rackmount 8-Bay NAS
Download Finder   6/15/2016

CVE-2006-7243
CodeIgniter 2.1.0
PHP 5.2.3
and other exploits

Seagate Business Storage NAS Business Storage NAS- Increasing Security 5/1/2015
CVE-2015-2876
CVE-2015-2875
CVE-2015-2874
Seagate Wireless,Wireless Plus and LaCie Fuel Download Finder 9/1/2015