Main Vulnerability Database Exploits ID:3804 - Exploit for Input validation error in Spiceworks - CVE-2017-7237

ID:3804 - Exploit for Input validation error in Spiceworks - CVE-2017-7237

Published: August 9, 2020

Vulnerability identifier: #VU39269

Vulnerability risk: High

CVE-ID: CVE-2017-7237

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Spiceworks

Link to public exploit:

https://www.exploit-db.com/exploits/41825/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks dataconfigurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.

Remediation

Install update from vendor's website.

ID:3804 - Exploit for Input validation error in Spiceworks - CVE-2017-7237

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human