Shop limited-time deals on limited-edition Game Drives: $59.99 while supplies last.

New arrival: LaCie is on the Seagate Store! Shop Now >>

EXCLUSIVE OFFER: Save $20 on BarraCuda 3.5" Hard Drive 1TB – $39.99 while supplies last. Shop now!

Search

Products

Knowledge Base

Support Downloads

Articles

suggested searches

Seagate Store

By Type

By Category

By Use Case

By Environment

By Partner

By Industry

Data Storage Innovations

Data Management Innovations

General

Warranty & Data Recovery

Enterprise

Our Story

Join our Seagate Team

Investors

Press Center

Seagate Security Advisories

To report a security vulnerability, please go to the Seagate Responsible Vulnerability Disclosure Policy, fill out and submit the vulnerability form.

Issue	Products	Solution	Release Date
CVE-2022-37434 CVE-2018-25032	RAID enabled SeaChest and SeaDragon Some versions of RAID enabled SeaDragon and RAID enabled SeaChest use a third-party RAID library that contains zlib vulnerabilities. The build dates for the affected versions are as follows: Build dates for SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R: April 8 - 15, 2022 July 26 - Aug 4, 2022 March 2 - 9, 2023 March 28 - April 4, 2023 Running the tool with the following command will display the build date and "RAID Enabled" in the banner: --version	RAID enabled SeaDragon_<ToolName>_R and SeaChest_<ToolName>_R with a build date of December 4, 2023, and later have remediated the vulnerabilities for the following: Microchip, PMC and HPE SmartRAID or SmartHBA Controllers. Latest version of SeaChest For the latest version of SeaDragon, contact your Seagate Customer Support Engineer At this time, Windows versions of SeaDragon and SeaChest released December 4, 2023, or later do not support Adaptec Controllers Series 8. There is not a current workaround for these controllers on Windows.	December 4, 2023
CVE-2023-48795	Exos X 3005 Hybrid Storage Arrays Exos X 4005 Hybrid Storage Arrays Exos X 5005 Hybrid Storage Arrays	Vulnerability is exploited with specific ciphers: there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). Mitigations by removal of the ciphers can done on either server side or client side to be effective. For the client side, an end user can remove the two ciphers from the default offered ciphers. For the server side, Exos X firmware G280R014-01 will not be remediated.	Products are EOL. Fix and intercept with future planned release. This column will be updated if a fix becomes available.
CVE-2022-38392	Seagate Backup Plus Desktop 4TB (STDT4000100)	Seagate products are designed to operate within defined acoustic, shock, and vibration tolerances. Exceeding defined tolerances, as stated in the product specifications, may cause product failures and void the product warranty. Users should ensure the products operate in an environment that meets Seagate's operating environment specifications	8/29/23
Pre-Auth Remote Code Execution (RCE) Vulnerability	LaCie Cloudbox	2.6.11.1 (Cloudbox)	6/17/2021
Pre-Auth Remote Code Execution (RCE) Vulnerability	NetworkSpace 2 Products: Network Space 2 Network Space Max d2 Network 2 2big Network 2 5big Network 2	2.2.12.3 Network Space 2 Network Space Max d2 Network 2 2big Network 2 5big Network 2	6/17/2021
CVE-2016-2118 - (a.k.a Badlock)	LaCie 5Big NAS Pro LaCie 2Big NAS LaCie Cloudbox	4.2.11.1 4.2.11.1 2.6.11.0	6/15/2016
CVE-2016-2118 - (a.k.a Badlock)	Seagate NAS Seagate NAS Pro Seagate Business Storage Rackmount 4-Bay NAS Segate Business Storage Rackmount 8-Bay NAS	Download Finder	6/15/2016
CVE-2006-7243 CodeIgniter 2.1.0 PHP 5.2.3 and other exploits	Seagate Business Storage NAS	Business Storage NAS- Increasing Security	5/1/2015
CVE-2015-2876 CVE-2015-2875 CVE-2015-2874	Seagate Wireless,Wireless Plus and LaCie Fuel	Download Finder	9/1/2015