← volver
CVE-2017-7237

CVE-2017-7237

EPSS 6.7%
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
Productos afectados
n/a · n/a
PoCs públicas encontradas2
cve_referencewww.exploit-db.com/exploits/41825/no verificadoexploitdbwww.exploit-db.com/exploits/41825no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txthttps://community.spiceworks.com/support/inventory/docs/network-config#securityhttps://www.exploit-db.com/exploits/41825/