6.8

CVE-2015-2851

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SynologyCloud Station Version1.1-2291
   ApplemacOS X
SynologyCloud Station Version2.0-2291
   ApplemacOS X
SynologyCloud Station Version2.0-2402
   ApplemacOS X
SynologyCloud Station Version2.1-2561
   ApplemacOS X
SynologyCloud Station Version2.1-2570
   ApplemacOS X
SynologyCloud Station Version2.1-2577
   ApplemacOS X
SynologyCloud Station Version3.0-3005
   ApplemacOS X
SynologyCloud Station Version3.0-3103
   ApplemacOS X
SynologyCloud Station Version3.0-3108
   ApplemacOS X
SynologyCloud Station Version3.0-3109
   ApplemacOS X
SynologyCloud Station Version3.0-3111
   ApplemacOS X
SynologyCloud Station Version3.1-3317
   ApplemacOS X
SynologyCloud Station Version3.1-3320
   ApplemacOS X
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.265
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 3.1 10
AV:L/AC:L/Au:S/C:C/I:C/A:C
http://www.kb.cert.org/vuls/id/551972
Third Party Advisory
US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-9VBU45
Third Party Advisory
US Government Resource