Details of VAR-201706-0165

ID

VAR-201706-0165

CVE

CVE-2015-5473

TITLE

Samsung SyncThru FileUploadController Directory Traversal Remote Code Execution Vulnerability

Trust: 2.1

sources: ZDI: ZDI-15-299 // ZDI: ZDI-15-297 // ZDI: ZDI-15-298

DESCRIPTION

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. By default, authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadController servlet exposed by uploadFirmware.html. The issue lies in the failure to sanitize the path of files uploaded, allowing for them to be placed anywhere on the server. An attacker can leverage this vulnerability to execute arbitrary code as SYSTEM. An attacker could use this to create denial-of-service condition. Samsung SyncThru is a printer management software from South Korea's Samsung. A directory traversal vulnerability exists in Samsung SyncThru

Trust: 6.21

sources: NVD: CVE-2015-5473 // JVNDB: JVNDB-2015-007582 // ZDI: ZDI-15-299 // ZDI: ZDI-15-297 // ZDI: ZDI-15-298 // ZDI: ZDI-15-296 // ZDI: ZDI-15-300 // ZDI: ZDI-15-301 // CNVD: CNVD-2015-04924 // BID: 75912

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04924

AFFECTED PRODUCTS

vendor:	samsung	model:	syncthru	scope:	-	version:	-	Trust: 4.8
vendor:	samsung	model:	syncthru 6	scope:	lte	version:	-	Trust: 1.0
vendor:	samsung	model:	syncthru 6	scope:	lt	version:	1.0	Trust: 0.8
vendor:	samsung	model:	syncthru 6	scope:	eq	version:	-	Trust: 0.6
vendor:	samsung	model:	syncthru	scope:	eq	version:	0	Trust: 0.3
vendor:	samsung	model:	syncthru	scope:	ne	version:	61.0	Trust: 0.3

sources: ZDI: ZDI-15-299 // ZDI: ZDI-15-297 // ZDI: ZDI-15-298 // ZDI: ZDI-15-296 // ZDI: ZDI-15-300 // ZDI: ZDI-15-301 // CNVD: CNVD-2015-04924 // BID: 75912 // JVNDB: JVNDB-2015-007582 // CNNVD: CNNVD-201507-676 // NVD: CVE-2015-5473

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2015-5473
value:	HIGH
Trust: 4.2
nvd@nist.gov:	CVE-2015-5473
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-5473
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2015-04924
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201507-676
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2015-5473
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 3.9
ZDI:	CVE-2015-5473
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.4
ZDI:	CVE-2015-5473
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2015-04924
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2015-5473
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-15-299 // ZDI: ZDI-15-297 // ZDI: ZDI-15-298 // ZDI: ZDI-15-296 // ZDI: ZDI-15-300 // ZDI: ZDI-15-301 // CNVD: CNVD-2015-04924 // JVNDB: JVNDB-2015-007582 // CNNVD: CNNVD-201507-676 // NVD: CVE-2015-5473

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2015-007582 // NVD: CVE-2015-5473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-676

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201507-676

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007582

PATCH

title:	Top Page	url:	http://www.samsung.com/uk/business/	Trust: 0.8
title:	Samsung SyncThru directory traversal vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/61316	Trust: 0.6

sources: CNVD: CNVD-2015-04924 // JVNDB: JVNDB-2015-007582

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5473	Trust: 7.5
db:	BID	id:	75912	Trust: 3.3
db:	ZDI	id:	ZDI-15-299	Trust: 2.6
db:	ZDI	id:	ZDI-15-297	Trust: 2.6
db:	ZDI	id:	ZDI-15-298	Trust: 2.6
db:	ZDI	id:	ZDI-15-296	Trust: 2.6
db:	ZDI	id:	ZDI-15-300	Trust: 2.6
db:	ZDI	id:	ZDI-15-301	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-007582	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-2582	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2584	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2583	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2587	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2585	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-2586	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04924	Trust: 0.6
db:	CNNVD	id:	CNNVD-201507-676	Trust: 0.6

REFERENCES

url:	http://www.securityfocus.com/bid/75912	Trust: 3.0
url:	http://www.zerodayinitiative.com/advisories/zdi-15-296	Trust: 1.6
url:	http://www.zerodayinitiative.com/advisories/zdi-15-297	Trust: 1.6
url:	http://www.zerodayinitiative.com/advisories/zdi-15-298	Trust: 1.6
url:	http://www.zerodayinitiative.com/advisories/zdi-15-299	Trust: 1.6
url:	http://www.zerodayinitiative.com/advisories/zdi-15-300	Trust: 1.6
url:	http://www.zerodayinitiative.com/advisories/zdi-15-301	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5473	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5473	Trust: 0.8
url:	http://www.samsung.com/ie/business/solutions-services/printing-solutions/device-management/syncthru-admin-6	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-301/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-300/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-297/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-298/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-299/	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-15-296/	Trust: 0.3

sources: CNVD: CNVD-2015-04924 // BID: 75912 // JVNDB: JVNDB-2015-007582 // CNNVD: CNNVD-201507-676 // NVD: CVE-2015-5473

CREDITS

Andrea Micalizzi (rgod)

Trust: 5.1

sources: ZDI: ZDI-15-299 // ZDI: ZDI-15-297 // ZDI: ZDI-15-298 // ZDI: ZDI-15-296 // ZDI: ZDI-15-300 // ZDI: ZDI-15-301 // BID: 75912 // CNNVD: CNNVD-201507-676

SOURCES

db:	ZDI	id:	ZDI-15-299
db:	ZDI	id:	ZDI-15-297
db:	ZDI	id:	ZDI-15-298
db:	ZDI	id:	ZDI-15-296
db:	ZDI	id:	ZDI-15-300
db:	ZDI	id:	ZDI-15-301
db:	CNVD	id:	CNVD-2015-04924
db:	BID	id:	75912
db:	JVNDB	id:	JVNDB-2015-007582
db:	CNNVD	id:	CNNVD-201507-676
db:	NVD	id:	CVE-2015-5473

LAST UPDATE DATE

2025-04-20T23:19:56.615000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-299	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-297	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-298	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-296	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-300	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-301	date:	2015-07-13T00:00:00
db:	CNVD	id:	CNVD-2015-04924	date:	2015-07-28T00:00:00
db:	BID	id:	75912	date:	2015-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-007582	date:	2017-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201507-676	date:	2017-06-07T00:00:00
db:	NVD	id:	CVE-2015-5473	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-299	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-297	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-298	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-296	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-300	date:	2015-07-13T00:00:00
db:	ZDI	id:	ZDI-15-301	date:	2015-07-13T00:00:00
db:	CNVD	id:	CNVD-2015-04924	date:	2015-07-28T00:00:00
db:	BID	id:	75912	date:	2015-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-007582	date:	2017-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201507-676	date:	2015-07-21T00:00:00
db:	NVD	id:	CVE-2015-5473	date:	2017-06-01T16:29:00.263