SIRIS
by Datto
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9254 | Cri | 0.64 | 9.8 | 0.01 | Feb 20, 2018 | Datto ALTO and SIRIS devices have a default VNC password. | ||
| CVE-2015-2081 | Cri | 0.64 | 9.8 | 0.03 | Feb 20, 2018 | Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. | ||
| CVE-2015-9256 | Med | 0.35 | 5.3 | 0.01 | Feb 20, 2018 | Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | ||
| CVE-2015-9255 | Med | 0.35 | 5.3 | 0.01 | Feb 20, 2018 | Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. |
- risk 0.64cvss 9.8epss 0.01
Datto ALTO and SIRIS devices have a default VNC password.
- risk 0.64cvss 9.8epss 0.03
Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts.
- risk 0.35cvss 5.3epss 0.01
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default.
- risk 0.35cvss 5.3epss 0.01
Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory.