PT-2015-3214 · Lacie+1 · Lacie Fuel+2
Allen Harper
+2
·
Publicado
2015-12-31
·
Atualizado
2015-12-31
·
CVE-2015-2875
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Seagate GoFlex Satellite versions prior to 3.4.1.105
Seagate Wireless Mobile Storage versions prior to 3.4.1.105
Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105
LaCie FUEL versions prior to 3.4.1.105
Description
The issue allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. This is due to an absolute path traversal vulnerability, which exists because of incorrect restriction of the directory path name with limited access.
Recommendations
For Seagate GoFlex Satellite versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For Seagate Wireless Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For LaCie FUEL versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Lacie Fuel
Seagate Goflex Satellite
Seagate Wireless Mobile Storage