CVE-2015-2875

moderate-risk
Published 2015-12-31

Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.

Do I need to act?

~
2.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (5)

Wireless Mobile Storage
Wireless Plus Mobile Storage
Lac9000436U Firmware
Goflex Sattelite
Lac9000464U Firmware

Affected Vendors

Seagate Lacie

References (6)

Third Party Advisory https://www.kb.cert.org/vuls/id/903500
Third Party Advisory https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
Third Party Advisory https://www.kb.cert.org/vuls/id/GWAN-A26L3F
Third Party Advisory https://www.kb.cert.org/vuls/id/903500
Third Party Advisory https://www.kb.cert.org/vuls/id/GWAN-9ZGTUH
Third Party Advisory https://www.kb.cert.org/vuls/id/GWAN-A26L3F
44
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 6/34 · Minimal
Exposure 12/34 · Low