Home  >  CVE-2015-2876
CVE Details for CVE: CVE-2015-2876
Summary
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
Timestamps
Last major update 31-12-2015 - 15:46
Published 31-12-2015 - 05:59
Last modified 31-12-2015 - 15:46
References
Vulnerable Configurations
  • cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*
    cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*
  • cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*
    cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*
  • cpe:2.3:o:lacie:lac9000436u_firmware:2.3.0.014:*:*:*:*:*:*:*
    cpe:2.3:o:lacie:lac9000436u_firmware:2.3.0.014:*:*:*:*:*:*:*
  • cpe:2.3:o:lacie:lac9000464u_firmware:2.3.0.014:*:*:*:*:*:*:*
    cpe:2.3:o:lacie:lac9000464u_firmware:2.3.0.014:*:*:*:*:*:*:*
  • cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*
    cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*
  • cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*
    cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*
  • cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*
    cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
8.3
Impact
10.0
Exploitability
6.5
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
CVSS3
Base
8.8
Impact
5.9
Exploitability
2.8
Access
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW ADJACENT_NETWORK NONE UNCHANGED NONE
Impact
ConfidentialityIntegrityAvailability
HIGH HIGH HIGH
VIA4 references
cvss-vector via4
AV:A/AC:L/Au:N/C:C/I:C/A:C
cvss3-vector via4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
refmap via4
cert-vn VU#903500
confirm