CVE-2015-2874

Published Dec 31, 2015

Last updated 9 years ago

CVSS critical 9.8

Overview

Description: Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Source: cret@cert.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:seagate:wireless_mobile_storage:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5235BAD5-EBEF-4CC7-97B1-BDB9685CE9D2"
          },
          {
            "criteria": "cpe:2.3:h:seagate:wireless_plus_mobile_storage:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4DF566C-383A-45AA-9276-0742F40F316D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:lacie:lac9000436u:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "29F377B9-4610-41B6-9D79-64631BFE17F2"
          },
          {
            "criteria": "cpe:2.3:h:lacie:lac9000464u:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "80038101-7457-441E-8407-FA48FF3EB87D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:lacie:lac9000436u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D3742DC-6D53-425C-8975-4F827B4AF528",
            "versionEndIncluding": "2.3.0.014"
          },
          {
            "criteria": "cpe:2.3:o:lacie:lac9000464u_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4885C331-C0CB-4B0F-9ED8-9229FA9564F0",
            "versionEndIncluding": "2.3.0.014"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:seagate:goflex_sattelite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52B917C-06F2-4EB2-94FC-B47D7FE2C057"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References