Unauthenticated Command Injection Vulnerability in Seagate Media Server

Unauthenticated Command Injection Vulnerability in Seagate Media Server

CVE-2018-5347 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.

Learn more about our Cis Benchmark Audit For Server Software.