Vulnerability Description
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seagate | Goflex Sattelite | All versions |
| Seagate | Wireless Mobile Storage | All versions |
| Seagate | Wireless Plus Mobile Storage | All versions |
| Lacie | Lac9000436U | All versions |
| Lacie | Lac9000464U | All versions |
| Lacie | Lac9000436U Firmware | <= 2.3.0.014 |
| Lacie | Lac9000464U Firmware | <= 2.3.0.014 |
Related Weaknesses (CWE)
References
- https://www.kb.cert.org/vuls/id/903500Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-9ZGTUHThird Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-A26L3FThird Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/903500Third Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-9ZGTUHThird Party AdvisoryUS Government Resource
- https://www.kb.cert.org/vuls/id/GWAN-A26L3FThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-2875?
CVE-2015-2875 is a vulnerability with a CVSS score of 7.5 (HIGH). Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows r...
How severe is CVE-2015-2875?
CVE-2015-2875 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2875?
Check the references section above for vendor advisories and patch information. Affected products include: Seagate Goflex Sattelite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, Lacie Lac9000436U, Lacie Lac9000464U.