Home  >  CVE-2015-2874
CVE Details for CVE: CVE-2015-2874
Summary
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Timestamps
Last major update 31-12-2015 - 20:29
Published 31-12-2015 - 05:59
Last modified 31-12-2015 - 20:29
References
Vulnerable Configurations
  • cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*
    cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*
  • cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*
    cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*
  • cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*
    cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*
  • cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*
    cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*
  • cpe:2.3:o:lacie:lac9000464u_firmware:2.3.0.014:*:*:*:*:*:*:*
    cpe:2.3:o:lacie:lac9000464u_firmware:2.3.0.014:*:*:*:*:*:*:*
  • cpe:2.3:o:lacie:lac9000436u_firmware:2.3.0.014:*:*:*:*:*:*:*
    cpe:2.3:o:lacie:lac9000436u_firmware:2.3.0.014:*:*:*:*:*:*:*
  • cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*
    cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
CWE-255
CVSS
Base
10.0
Impact
10.0
Exploitability
10.0
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
CVSS3
Base
9.8
Impact
5.9
Exploitability
3.9
Access
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE UNCHANGED NONE
Impact
ConfidentialityIntegrityAvailability
HIGH HIGH HIGH
VIA4 references
cvss-vector via4
AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss3-vector via4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
refmap via4
cert-vn VU#903500
confirm