NVD

Id
84779  
Name
CVE-2017-7237  
Description
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks dataconfigurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-04-27  
Published
2017-04-06  
Modified Date
2017-04-12  
Seq
2017-7237  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66670 JVNDB-2017-002995 Spiceworks Inventory に同梱されている Spiceworks TFTP Server における Spiceworks dataconfigurations ディレクトリへアクセスされる脆弱性 Spiceworks Inventory 7.5 に同梱されている Spiceworks TFTP Server には、Spiceworks dataconfigurations ディレクトリへアクセスされる脆弱性が存在します。 CVE-2017-7237 0 CVE-2017-7237 84779 7.5 9.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-002995.html 2017-04-05 2017-05-10 View