Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
References
Link | Resource |
---|---|
http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
No history.
Information
Published : 2018-02-20 06:29
Updated : 2024-02-04 19:46
NVD link : CVE-2015-9256
Mitre link : CVE-2015-9256
CVE.ORG link : CVE-2015-9256
JSON object : View
Products Affected
datto
- siris_virtual
- siris_3_x_all-flash
- alto_2
- siris_2
- alto_3_firmware
- siris_virtual_firmware
- siris_3
- siris_3_firmware
- alto_3
- siris_3_x_all-flash_firmware
- alto_imaged
- siris_2_firmware
- alto_xl_firmware
- alto_xl
- alto_2_firmware
- alto_imaged_firmware
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor