Vulnerabilities > CVE-2017-7237 - Unspecified vulnerability in Spiceworks 7.5

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
spiceworks
exploit available

Summary

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.

Vulnerable Configurations

Part Description Count
Application
Spiceworks
1

Exploit-Db

descriptionSpiceWorks 7.5 TFTP - Remote File Overwrite / Upload. CVE-2017-7237. Remote exploit for Windows platform
fileexploits/windows/remote/41825.txt
idEDB-ID:41825
last seen2017-04-06
modified2017-04-05
platformwindows
port
published2017-04-05
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/41825/
titleSpiceWorks 7.5 TFTP - Remote File Overwrite / Upload
typeremote

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/141934/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
idPACKETSTORM:141934
last seen2017-04-10
published2017-04-05
reporterhyp3rlinx
sourcehttps://packetstormsecurity.com/files/141934/Spiceworks-7.5-TFTP-Improper-Access-Control-File-Overwrite-Upload.html
titleSpiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload