Lucene search
HistoryMay 30, 2015 - 7:59 p.m.
CVE-2015-2851
synology cloud station
cve-2015-2851
security vulnerability
local users
root access
os x
6.8 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
Affected configurations
Node
synologycloud_stationMatch1.1-2291
ORsynologycloud_stationMatch2.0-2291
ORsynologycloud_stationMatch2.0-2402
ORsynologycloud_stationMatch2.1-2561
ORsynologycloud_stationMatch2.1-2570
ORsynologycloud_stationMatch2.1-2577
ORsynologycloud_stationMatch3.0-3005
ORsynologycloud_stationMatch3.0-3103
ORsynologycloud_stationMatch3.0-3108
ORsynologycloud_stationMatch3.0-3109
ORsynologycloud_stationMatch3.0-3111
ORsynologycloud_stationMatch3.1-3317
ORsynologycloud_stationMatch3.1-3320
applemac_os_x
Related
prion
prion
Code injection
2015-05-30 19:59:00
cvelist
cvelist
CVE-2015-2851
2015-05-30 19:00:00
nvd
nvd
CVE-2015-2851
2015-05-30 19:59:03
cert
cert
6.8 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
0.4%
Related for CVE-2015-2851