CVE-2018-5347
Description
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
- CVSS Version 3.0
- CVSS Version 2.0
nvd
CVE ID: CVE-2018-5347
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd
CVE ID: CVE-2018-5347
Base Score: 10.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:N/C:C/I:C/A:C
Refrence: NVD