Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
8 vulnerabilities by datto
VAR-201802-0103
Vulnerability from variot - Updated: 2023-12-18 12:37Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. Datto ALTO and SIRIS The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform. A security vulnerability exists on Datto ALTO and SIRIS devices due to the use of static passwords for VNC that is turned on by default. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0103",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alto 2",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "alto imaged",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all flash",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": null,
"trust": 3.2,
"vendor": "datto",
"version": null
},
{
"model": "alto imaged",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all-flash",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2081"
}
]
},
"cve": "CVE-2015-2081",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2081",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2081",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-80042",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-87215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-87216",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-87217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-2081",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-2081",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2081",
"trust": 2.6,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-2081",
"trust": 1.6,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-797",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-80042",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-87215",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-87216",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87217",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. Datto ALTO and SIRIS The device contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform. A security vulnerability exists on Datto ALTO and SIRIS devices due to the use of static passwords for VNC that is turned on by default. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
}
],
"trust": 4.14
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2081",
"trust": 5.2
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-797",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-80042",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87215",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87216",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-87217",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"id": "VAR-201802-0103",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
}
],
"trust": 0.04
},
"last_update_date": "2023-12-18T12:37:01.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Datto ALTO",
"trust": 3.2,
"url": "https://www.datto.com/alto"
},
{
"title": "Datto SIRIS",
"trust": 3.2,
"url": "https://www.datto.com/siris"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-200",
"trust": 1.8
},
{
"problemtype": "CWE-798",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "NVD",
"id": "CVE-2015-2081"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.2,
"url": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9254"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9254"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9255"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9256"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2081"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2081"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-80042"
},
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-80042"
},
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-87215"
},
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-87216"
},
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-87217"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"date": "2018-02-20T06:29:00.227000",
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"date": "2018-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-80042"
},
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-87215"
},
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-87216"
},
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-87217"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008133"
},
{
"date": "2018-03-19T15:24:18.363000",
"db": "NVD",
"id": "CVE-2015-2081"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-797"
}
],
"trust": 0.6
}
}
VAR-201802-0066
Vulnerability from variot - Updated: 2023-12-18 12:37Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alto imaged",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all-flash",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto imaged",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all flash",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9256"
}
]
},
"cve": "CVE-2015-9256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-9256",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-87217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-9256",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-9256",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-794",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87217",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-9256",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "VULMON",
"id": "CVE-2015-9256"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "VULMON",
"id": "CVE-2015-9256"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9256",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87217",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9256",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "VULMON",
"id": "CVE-2015-9256"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"id": "VAR-201802-0066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87217"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:01.270000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Datto ALTO",
"trust": 0.8,
"url": "https://www.datto.com/alto"
},
{
"title": "Datto SIRIS",
"trust": 0.8,
"url": "https://www.datto.com/siris"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "NVD",
"id": "CVE-2015-9256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9256"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "VULMON",
"id": "CVE-2015-9256"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87217"
},
{
"db": "VULMON",
"id": "CVE-2015-9256"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-87217"
},
{
"date": "2018-02-20T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9256"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"date": "2018-02-20T06:29:00.387000",
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"date": "2018-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-87217"
},
{
"date": "2018-03-19T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9256"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008136"
},
{
"date": "2018-03-19T15:21:21.407000",
"db": "NVD",
"id": "CVE-2015-9256"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008136"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-794"
}
],
"trust": 0.6
}
}
VAR-201802-0065
Vulnerability from variot - Updated: 2023-12-18 12:37Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alto imaged",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all-flash",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto imaged",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all flash",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9255"
}
]
},
"cve": "CVE-2015-9255",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-9255",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-87216",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-9255",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-9255",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-795",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-87216",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "VULHUB",
"id": "VHN-87216"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9255",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87216",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"id": "VAR-201802-0065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87216"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:01.246000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Datto ALTO",
"trust": 0.8,
"url": "https://www.datto.com/alto"
},
{
"title": "Datto SIRIS",
"trust": 0.8,
"url": "https://www.datto.com/siris"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "NVD",
"id": "CVE-2015-9255"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9255"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-87216"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"date": "2018-02-20T06:29:00.337000",
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"date": "2018-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-87216"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008135"
},
{
"date": "2018-03-19T15:20:53.030000",
"db": "NVD",
"id": "CVE-2015-9255"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-795"
}
],
"trust": 0.6
}
}
VAR-201802-0064
Vulnerability from variot - Updated: 2023-12-18 12:37Datto ALTO and SIRIS devices have a default VNC password. Datto ALTO and SIRIS The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alto imaged",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all-flash",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": "eq",
"trust": 1.6,
"vendor": "datto",
"version": null
},
{
"model": "alto 2",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto 3",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto imaged",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "alto xl",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 2",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 3 x all flash",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris 3",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
},
{
"model": "siris virtual",
"scope": null,
"trust": 0.8,
"vendor": "datto",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_xl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_xl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_3_x_all-flash_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_3_x_all-flash:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:siris_virtual_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:siris_virtual:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:datto:alto_imaged_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:datto:alto_imaged:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9254"
}
]
},
"cve": "CVE-2015-9254",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-9254",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-87215",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-9254",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-9254",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-796",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-87215",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS devices have a default VNC password. Datto ALTO and SIRIS The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "VULHUB",
"id": "VHN-87215"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9254",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-87215",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"id": "VAR-201802-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87215"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:37:01.218000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Datto ALTO",
"trust": 0.8,
"url": "https://www.datto.com/alto"
},
{
"title": "Datto SIRIS",
"trust": 0.8,
"url": "https://www.datto.com/siris"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "NVD",
"id": "CVE-2015-9254"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.information-paradox.net/2015/02/cve-2015-2081-multiple-vulnerabilities.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9254"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9254"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87215"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-20T00:00:00",
"db": "VULHUB",
"id": "VHN-87215"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"date": "2018-02-20T06:29:00.277000",
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"date": "2018-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-87215"
},
{
"date": "2018-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008134"
},
{
"date": "2018-03-19T15:21:36.187000",
"db": "NVD",
"id": "CVE-2015-9254"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Datto ALTO and SIRIS Vulnerabilities related to the use of hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-796"
}
],
"trust": 0.6
}
}
CVE-2017-16674 (GCVE-0-2017-16674)
Vulnerability from nvd – Published: 2017-11-09 04:00 – Updated: 2024-09-17 03:58- n/a
| URL | Tags |
|---|---|
| https://www.datto.com/partner-security-update-nov2017 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this \"primary/secondary\" attack with the CVE-2017-16673 \"rogue pairing\" attack to achieve unauthenticated access to all agent machines running these older DWA versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this \"primary/secondary\" attack with the CVE-2017-16673 \"rogue pairing\" attack to achieve unauthenticated access to all agent machines running these older DWA versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.datto.com/partner-security-update-nov2017",
"refsource": "CONFIRM",
"url": "https://www.datto.com/partner-security-update-nov2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16674",
"datePublished": "2017-11-09T04:00:00.000Z",
"dateReserved": "2017-11-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:58:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16673 (GCVE-0-2017-16673)
Vulnerability from nvd – Published: 2017-11-09 04:00 – Updated: 2024-09-16 20:37- n/a
| URL | Tags |
|---|---|
| https://www.datto.com/partner-security-update-nov2017 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to \"pair\" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified \"specific information\" by which the agent identifies a network device that is \"appearing to be a valid Datto.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to \"pair\" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified \"specific information\" by which the agent identifies a network device that is \"appearing to be a valid Datto.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.datto.com/partner-security-update-nov2017",
"refsource": "CONFIRM",
"url": "https://www.datto.com/partner-security-update-nov2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16673",
"datePublished": "2017-11-09T04:00:00.000Z",
"dateReserved": "2017-11-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:56.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16674 (GCVE-0-2017-16674)
Vulnerability from cvelistv5 – Published: 2017-11-09 04:00 – Updated: 2024-09-17 03:58- n/a
| URL | Tags |
|---|---|
| https://www.datto.com/partner-security-update-nov2017 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this \"primary/secondary\" attack with the CVE-2017-16673 \"rogue pairing\" attack to achieve unauthenticated access to all agent machines running these older DWA versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this \"primary/secondary\" attack with the CVE-2017-16673 \"rogue pairing\" attack to achieve unauthenticated access to all agent machines running these older DWA versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.datto.com/partner-security-update-nov2017",
"refsource": "CONFIRM",
"url": "https://www.datto.com/partner-security-update-nov2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16674",
"datePublished": "2017-11-09T04:00:00.000Z",
"dateReserved": "2017-11-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:58:37.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16673 (GCVE-0-2017-16673)
Vulnerability from cvelistv5 – Published: 2017-11-09 04:00 – Updated: 2024-09-16 20:37- n/a
| URL | Tags |
|---|---|
| https://www.datto.com/partner-security-update-nov2017 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:19.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to \"pair\" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified \"specific information\" by which the agent identifies a network device that is \"appearing to be a valid Datto.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-09T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.datto.com/partner-security-update-nov2017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to \"pair\" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified \"specific information\" by which the agent identifies a network device that is \"appearing to be a valid Datto.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.datto.com/partner-security-update-nov2017",
"refsource": "CONFIRM",
"url": "https://www.datto.com/partner-security-update-nov2017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16673",
"datePublished": "2017-11-09T04:00:00.000Z",
"dateReserved": "2017-11-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:56.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}