Vulnerability Details : CVE-2015-2876
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
Vulnerability category: Execute code
Products affected by CVE-2015-2876
- cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*
- cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*
- cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*When used together with: Lacie » Lac9000436uWhen used together with: Lacie » Lac9000464u
- cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*When used together with: Lacie » Lac9000436uWhen used together with: Lacie » Lac9000464u
Exploit prediction scoring system (EPSS) score for CVE-2015-2876
1.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2876
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
6.5
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
References for CVE-2015-2876
-
https://www.kb.cert.org/vuls/id/903500
VU#903500 - Seagate and LaCie wireless storage products contain multiple vulnerabilitiesThird Party Advisory;US Government Resource
-
https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
VU#903500 - Seagate and LaCie wireless storage products contain multiple vulnerabilitiesThird Party Advisory;US Government Resource
-
https://www.kb.cert.org/vuls/id/GWAN-A26L3F
VU#903500 - Seagate and LaCie wireless storage products contain multiple vulnerabilitiesThird Party Advisory;US Government Resource
Jump to