To report a security vulnerability, please go to the Seagate Responsible Vulnerability Disclosure Policy, fill out and submit the vulnerability form.
Issue | Products | Solution | Release Date |
---|---|---|---|
CVE-2022-37434 CVE-2018-25032 |
RAID enabled SeaChest and SeaDragon Some versions of RAID enabled SeaDragon and RAID enabled SeaChest use a third-party RAID library that contains zlib vulnerabilities. The build dates for the affected versions are as follows: Build dates for SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R: April 8 - 15, 2022 July 26 - Aug 4, 2022 March 2 - 9, 2023 March 28 - April 4, 2023 Running the tool with the following command will display the build date and "RAID Enabled" in the banner: --version |
RAID enabled SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R with a build date of December 4, 2023, and later have remediated the vulnerabilities for the following: Microchip, PMC and HPE SmartRAID or SmartHBA Controllers.
|
December 4, 2023 |
CVE-2023-48795 | Exos X 3005 Hybrid Storage Arrays Exos X 4005 Hybrid Storage Arrays Exos X 5005 Hybrid Storage Arrays |
Vulnerability is exploited with specific ciphers: there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). Mitigations by removal of the ciphers can done on either server side or client side to be effective. For the client side, an end user can remove the two ciphers from the default offered ciphers. For the server side, Exos X firmware G280R014-01 will not be remediated. |
Products are EOL. Fix and intercept with future planned release. This column will be updated if a fix becomes available. |
CVE-2022-38392 | Seagate Backup Plus Desktop 4TB (STDT4000100) | Seagate products are designed to operate within defined acoustic, shock, and vibration tolerances. Exceeding defined tolerances, as stated in the product specifications, may cause product failures and void the product warranty. Users should ensure the products operate in an environment that meets Seagate's operating environment specifications | 8/29/23 |
Pre-Auth Remote Code Execution (RCE) Vulnerability |
LaCie Cloudbox | 2.6.11.1 (Cloudbox) | 6/17/2021 |
NetworkSpace 2 Products:
|
2.2.12.3 |
6/17/2021 | |
LaCie 5Big NAS Pro LaCie 2Big NAS LaCie Cloudbox |
4.2.11.1 4.2.11.1 2.6.11.0 |
6/15/2016 | |
Seagate NAS Seagate NAS Pro Seagate Business Storage Rackmount 4-Bay NAS Segate Business Storage Rackmount 8-Bay NAS |
Download Finder | 6/15/2016 | |
CVE-2006-7243 |
Seagate Business Storage NAS | Business Storage NAS- Increasing Security | 5/1/2015 |
CVE-2015-2876 CVE-2015-2875 CVE-2015-2874 |
Seagate Wireless,Wireless Plus and LaCie Fuel | Download Finder | 9/1/2015 |