Details of VAR-201802-0103

ID

VAR-201802-0103

CVE

CVE-2015-2081

TITLE

Datto ALTO and SIRIS Information disclosure vulnerability in devices

Trust: 1.6

sources: JVNDB: JVNDB-2015-008135 // JVNDB: JVNDB-2015-008136

DESCRIPTION

Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. Datto ALTO and SIRIS The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform. A security vulnerability exists on Datto ALTO and SIRIS devices due to the use of static passwords for VNC that is turned on by default. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 4.14

sources: NVD: CVE-2015-2081 // JVNDB: JVNDB-2015-008134 // JVNDB: JVNDB-2015-008135 // JVNDB: JVNDB-2015-008136 // JVNDB: JVNDB-2015-008133 // VULHUB: VHN-80042 // VULHUB: VHN-87215 // VULHUB: VHN-87216 // VULHUB: VHN-87217

AFFECTED PRODUCTS

vendor:	datto	model:	alto 2	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	alto 3	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	alto imaged	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	alto xl	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	siris 2	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	siris 3 x all flash	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	siris 3	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	siris virtual	scope:	-	version:	-	Trust: 3.2
vendor:	datto	model:	siris virtual	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto xl	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto imaged	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 2	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 2	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 3	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	siris 3 x all-flash	scope:	eq	version:	-	Trust: 1.6
vendor:	datto	model:	alto 3	scope:	eq	version:	-	Trust: 1.6

sources: JVNDB: JVNDB-2015-008134 // JVNDB: JVNDB-2015-008135 // JVNDB: JVNDB-2015-008136 // JVNDB: JVNDB-2015-008133 // CNNVD: CNNVD-201802-797 // NVD: CVE-2015-2081

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2015-2081
value:	CRITICAL
Trust: 1.6
NVD:	CVE-2015-2081
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2015-2081
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-201802-797
value:	HIGH
Trust: 0.6
VULHUB:	VHN-80042
value:	HIGH
Trust: 0.1
VULHUB:	VHN-87215
value:	HIGH
Trust: 0.1
VULHUB:	VHN-87216
value:	MEDIUM
Trust: 0.1
VULHUB:	VHN-87217
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-2081
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 2.6
NVD:	CVE-2015-2081
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.6
VULHUB:	VHN-80042
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-87215
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-87216
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1
VULHUB:	VHN-87217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-2081
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 2.6
NVD:	CVE-2015-2081
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 1.6

sources: VULHUB: VHN-80042 // VULHUB: VHN-87215 // VULHUB: VHN-87216 // VULHUB: VHN-87217 // JVNDB: JVNDB-2015-008134 // JVNDB: JVNDB-2015-008135 // JVNDB: JVNDB-2015-008136 // JVNDB: JVNDB-2015-008133 // CNNVD: CNNVD-201802-797 // NVD: CVE-2015-2081

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-200	Trust: 1.8
problemtype:	CWE-798	Trust: 0.9

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-797

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201802-797

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008134

PATCH

title:	Datto ALTO	url:	https://www.datto.com/alto	Trust: 3.2
title:	Datto SIRIS	url:	https://www.datto.com/siris	Trust: 3.2

sources: JVNDB: JVNDB-2015-008134 // JVNDB: JVNDB-2015-008135 // JVNDB: JVNDB-2015-008136 // JVNDB: JVNDB-2015-008133

EXTERNAL IDS

db:	NVD	id:	CVE-2015-2081	Trust: 5.2
db:	JVNDB	id:	JVNDB-2015-008134	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-008135	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-008136	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-008133	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-797	Trust: 0.7
db:	VULHUB	id:	VHN-80042	Trust: 0.1
db:	CNNVD	id:	CNNVD-201802-796	Trust: 0.1
db:	VULHUB	id:	VHN-87215	Trust: 0.1
db:	CNNVD	id:	CNNVD-201802-795	Trust: 0.1
db:	VULHUB	id:	VHN-87216	Trust: 0.1
db:	CNNVD	id:	CNNVD-201802-794	Trust: 0.1
db:	VULHUB	id:	VHN-87217	Trust: 0.1

REFERENCES

url:	http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html	Trust: 5.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9254	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9254	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9255	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9255	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9256	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9256	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2081	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2081	Trust: 0.8

SOURCES

db:	VULHUB	id:	VHN-80042
db:	VULHUB	id:	VHN-87215
db:	VULHUB	id:	VHN-87216
db:	VULHUB	id:	VHN-87217
db:	JVNDB	id:	JVNDB-2015-008134
db:	JVNDB	id:	JVNDB-2015-008135
db:	JVNDB	id:	JVNDB-2015-008136
db:	JVNDB	id:	JVNDB-2015-008133
db:	CNNVD	id:	CNNVD-201802-797
db:	NVD	id:	CVE-2015-2081

LAST UPDATE DATE

2024-11-23T22:12:41.145000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-80042	date:	2018-03-19T00:00:00
db:	VULHUB	id:	VHN-87215	date:	2018-03-19T00:00:00
db:	VULHUB	id:	VHN-87216	date:	2018-03-19T00:00:00
db:	VULHUB	id:	VHN-87217	date:	2018-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2015-008134	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008135	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008136	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008133	date:	2018-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201802-797	date:	2018-04-26T00:00:00
db:	NVD	id:	CVE-2015-2081	date:	2024-11-21T02:26:43.660

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-80042	date:	2018-02-20T00:00:00
db:	VULHUB	id:	VHN-87215	date:	2018-02-20T00:00:00
db:	VULHUB	id:	VHN-87216	date:	2018-02-20T00:00:00
db:	VULHUB	id:	VHN-87217	date:	2018-02-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-008134	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008135	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008136	date:	2018-04-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-008133	date:	2018-04-12T00:00:00
db:	CNNVD	id:	CNNVD-201802-797	date:	2018-02-20T00:00:00
db:	NVD	id:	CVE-2015-2081	date:	2018-02-20T06:29:00.227