PT-2015-3214 · Lacie+1 · Lacie Fuel+2
Allen Harper
+2
·
Published
2015-12-31
·
Updated
2015-12-31
·
CVE-2015-2875
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Seagate GoFlex Satellite versions prior to 3.4.1.105
Seagate Wireless Mobile Storage versions prior to 3.4.1.105
Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105
LaCie FUEL versions prior to 3.4.1.105
Description
The issue allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. This is due to an absolute path traversal vulnerability, which exists because of incorrect restriction of the directory path name with limited access.
Recommendations
For Seagate GoFlex Satellite versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For Seagate Wireless Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For Seagate Wireless Plus Mobile Storage versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
For LaCie FUEL versions prior to 3.4.1.105, update the firmware to version 3.4.1.105 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lacie Fuel
Seagate Goflex Satellite
Seagate Wireless Mobile Storage