Details of VAR-201802-0066

ID

VAR-201802-0066

CVE

CVE-2015-9256

TITLE

Datto ALTO and SIRIS Information disclosure vulnerability in devices

Trust: 0.8

sources: JVNDB: JVNDB-2015-008136

DESCRIPTION

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform

Trust: 1.8

sources: NVD: CVE-2015-9256 // JVNDB: JVNDB-2015-008136 // VULHUB: VHN-87217 // VULMON: CVE-2015-9256

AFFECTED PRODUCTS

vendor:	datto	model:	siris virtual	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto xl	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto imaged	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 2	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 2	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 3	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 3 x all-flash	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 3	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 2	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	alto 3	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	alto imaged	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	alto xl	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris 2	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris 3 x all flash	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris 3	scope:	-	version:	-	Trust: 0.8
vendor:	datto	model:	siris virtual	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2015-008136 // CNNVD: CNNVD-201802-794 // NVD: CVE-2015-9256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-9256
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-9256
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201802-794
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-87217
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-9256
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-9256
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-87217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-9256
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-87217 // VULMON: CVE-2015-9256 // JVNDB: JVNDB-2015-008136 // CNNVD: CNNVD-201802-794 // NVD: CVE-2015-9256

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-87217 // JVNDB: JVNDB-2015-008136 // NVD: CVE-2015-9256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-794

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-794

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008136

PATCH

title:	Datto ALTO	url:	https://www.datto.com/alto	Trust: 0.8
title:	Datto SIRIS	url:	https://www.datto.com/siris	Trust: 0.8

sources: JVNDB: JVNDB-2015-008136

EXTERNAL IDS

db:	NVD	id:	CVE-2015-9256	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-008136	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-794	Trust: 0.7
db:	VULHUB	id:	VHN-87217	Trust: 0.1
db:	VULMON	id:	CVE-2015-9256	Trust: 0.1

sources: VULHUB: VHN-87217 // VULMON: CVE-2015-9256 // JVNDB: JVNDB-2015-008136 // CNNVD: CNNVD-201802-794 // NVD: CVE-2015-9256

REFERENCES

url:	http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html	Trust: 2.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9256	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9256	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-87217 // VULMON: CVE-2015-9256 // JVNDB: JVNDB-2015-008136 // CNNVD: CNNVD-201802-794 // NVD: CVE-2015-9256

SOURCES

db:	VULHUB	id:	VHN-87217
db:	VULMON	id:	CVE-2015-9256
db:	JVNDB	id:	JVNDB-2015-008136
db:	CNNVD	id:	CNNVD-201802-794
db:	NVD	id:	CVE-2015-9256

LAST UPDATE DATE

2024-11-23T22:12:41.222000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-87217	date:	2018-03-19T00:00:00
db:	VULMON	id:	CVE-2015-9256	date:	2018-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2015-008136	date:	2018-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201802-794	date:	2018-04-26T00:00:00
db:	NVD	id:	CVE-2015-9256	date:	2024-11-21T02:40:10.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-87217	date:	2018-02-20T00:00:00
db:	VULMON	id:	CVE-2015-9256	date:	2018-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-008136	date:	2018-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201802-794	date:	2018-02-20T00:00:00
db:	NVD	id:	CVE-2015-9256	date:	2018-02-20T06:29:00.387