Vulnerabilities > CVE-2017-7237 - Unspecified vulnerability in Spiceworks 7.5
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload. CVE-2017-7237. Remote exploit for Windows platform |
| file | exploits/windows/remote/41825.txt |
| id | EDB-ID:41825 |
| last seen | 2017-04-06 |
| modified | 2017-04-05 |
| platform | windows |
| port | |
| published | 2017-04-05 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/41825/ |
| title | SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload |
| type | remote |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/141934/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt |
| id | PACKETSTORM:141934 |
| last seen | 2017-04-10 |
| published | 2017-04-05 |
| reporter | hyp3rlinx |
| source | https://packetstormsecurity.com/files/141934/Spiceworks-7.5-TFTP-Improper-Access-Control-File-Overwrite-Upload.html |
| title | Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload |