CVE-2015-2876

{"id": "CVE-2015-2876", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2015-12-31T05:59:04.737", "references": [{"url": "https://www.kb.cert.org/vuls/id/903500", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/GWAN-A26L3F", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session."}, {"lang": "es", "value": "Vulnerabilidad de carga de archivos sin restricci\u00f3n en dispositivos Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage y LaCie FUEL con firmware anterior a 3.4.1.105 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante la subida de un archivo a /media/sda2 durante una sesi\u00f3n Wi-Fi."}], "lastModified": "2015-12-31T15:46:12.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "29F377B9-4610-41B6-9D79-64631BFE17F2"}, {"criteria": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80038101-7457-441E-8407-FA48FF3EB87D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D3742DC-6D53-425C-8975-4F827B4AF528", "versionEndIncluding": "2.3.0.014"}, {"criteria": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4885C331-C0CB-4B0F-9ED8-9229FA9564F0", "versionEndIncluding": "2.3.0.014"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2"}, {"criteria": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4DF566C-383A-45AA-9276-0742F40F316D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D52B917C-06F2-4EB2-94FC-B47D7FE2C057"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/434.html\">CWE-434: Unrestricted Upload of File with Dangerous Type</a>", "sourceIdentifier": "cret@cert.org"}