Security Advisory

CVE-2017-7237

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-04-06 15:00:00

Last updated 2024-08-05 15:56:36

Assigner mitre

State PUBLISHED

Description

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks dataconfigurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.

← Browse all CVEs View on cve.org ↗