Details of VAR-201802-0065

ID

VAR-201802-0065

CVE

CVE-2015-9255

TITLE

Datto ALTO and SIRIS Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-008135

DESCRIPTION

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform

Trust: 1.71

sources: NVD: CVE-2015-9255 // JVNDB: JVNDB-2015-008135 // VULHUB: VHN-87216

AFFECTED PRODUCTS

vendor:	datto	model:	siris virtual	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto xl	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto imaged	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 2	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 2	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 3	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 3 x all-flash	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 3	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 2	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	alto 3	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	alto imaged	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	alto xl	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris 2	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris 3 x all flash	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris 3	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris virtual	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2015-008135 // CNNVD: CNNVD-201802-795 // NVD: CVE-2015-9255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-9255
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-9255
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201802-795
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-87216
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-9255
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-87216
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-9255
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-87216 // JVNDB: JVNDB-2015-008135 // CNNVD: CNNVD-201802-795 // NVD: CVE-2015-9255

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-87216 // JVNDB: JVNDB-2015-008135 // NVD: CVE-2015-9255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-795

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-795

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008135

PATCH

title:	Datto ALTO	url:	https://www.datto.com/alto	Trust: 0.8
title:	Datto SIRIS	url:	https://www.datto.com/siris	Trust: 0.8

sources: JVNDB: JVNDB-2015-008135

EXTERNAL IDS

db:	NVD	id:	CVE-2015-9255	Trust: 2.5
db:	JVNDB	id:	JVNDB-2015-008135	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-795	Trust: 0.7
db:	VULHUB	id:	VHN-87216	Trust: 0.1

sources: VULHUB: VHN-87216 // JVNDB: JVNDB-2015-008135 // CNNVD: CNNVD-201802-795 // NVD: CVE-2015-9255

REFERENCES

url:	http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9255	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9255	Trust: 0.8

sources: VULHUB: VHN-87216 // JVNDB: JVNDB-2015-008135 // CNNVD: CNNVD-201802-795 // NVD: CVE-2015-9255

SOURCES

db:	VULHUB	id:	VHN-87216
db:	JVNDB	id:	JVNDB-2015-008135
db:	CNNVD	id:	CNNVD-201802-795
db:	NVD	id:	CVE-2015-9255

LAST UPDATE DATE

2024-11-23T22:12:41.196000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-87216	date:	2018-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2015-008135	date:	2018-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201802-795	date:	2018-04-26T00:00:00
db:	NVD	id:	CVE-2015-9255	date:	2024-11-21T02:40:10.220

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-87216	date:	2018-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-008135	date:	2018-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201802-795	date:	2018-02-20T00:00:00
db:	NVD	id:	CVE-2015-9255	date:	2018-02-20T06:29:00.337