CVE-2017-7237
Published 2017-04-06
Priority P266, critical, 9.8 (CVSS 3.0)
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EXPLOIT
EPSS: 6.72% (93.1th percentile)
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spiceworks | spiceworks | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated inbound TFTP WRQ (Write Request) operations on UDP port 69 targeting the Spiceworks server, especially writes to the data\configurations directory.
- Alert on executable files (e.g., .exe, .bat) being uploaded via TFTP to the Spiceworks configurations directory, which could indicate staging for Remote Code Execution.
- Detect any TFTP PUT operations originating from external/untrusted hosts to the Spiceworks TFTP service; the service performs no authentication for any connecting client.
- The TFTP service in Spiceworks 7.5 is unauthenticated by design for all clients; there is no per-client access control, meaning any host with network reachability to UDP/69 can read or overwrite files.
- File overwrite is only possible if the targeted filename is known or guessed; defenders should treat configuration filenames in the data\configurations directory as sensitive.
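One way to implement the WRQ monitoring described above, as an added example that is not taken from the advisory or from Spiceworks: it parses the RFC 1350 request header from UDP payloads sent to port 69 and raises the severity for executable uploads or untrusted sources. The `TRUSTED` subnet, the filenames and the addresses in `SAMPLES` are constructed assumptions.

```python
import ipaddress
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}                    # RFC 1350 request opcodes
EXEC_EXTS = (".exe", ".bat")                      # extensions named in the guidance above
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: management subnet

def parse_request(payload: bytes):
    """Return (op, filename, mode) for an RRQ/WRQ payload, else None."""
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in OPCODES:
        return None                               # DATA/ACK/ERROR are not requests
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:          # need filename NUL mode NUL
        return None
    name = fields[0].decode("latin-1")
    mode = fields[1].decode("latin-1").lower()
    return OPCODES[opcode], name, mode

def classify(src_ip: str, dst_port: int, payload: bytes):
    """Return an alert dict for a write request to UDP/69, or None."""
    if dst_port != 69:
        return None
    req = parse_request(payload)
    if req is None or req[0] != "WRQ":
        return None
    _, name, mode = req
    reasons = ["unauthenticated WRQ"]
    if name.lower().endswith(EXEC_EXTS):
        reasons.append("executable upload")
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED):
        reasons.append("untrusted source")
    severity = "high" if len(reasons) > 1 else "medium"
    return {"src": src_ip, "file": name, "mode": mode,
            "severity": severity, "reasons": reasons}

# Constructed sample datagrams (src, dst_port, UDP payload), not captured traffic.
SAMPLES = [
    ("10.20.0.15", 69, b"\x00\x01switch01.cfg\x00octet\x00"),
    ("10.20.0.15", 69, b"\x00\x02switch01.cfg\x00octet\x00"),
    ("203.0.113.7", 69, b"\x00\x02update.exe\x00octet\x00blksize\x001024\x00"),
    ("203.0.113.7", 69, b"\x00\x02"),
]

def run(samples=SAMPLES):
    return [a for a in (classify(*s) for s in samples) if a]

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Only the initial request is addressed to UDP/69; the data transfer continues on an ephemeral server port, so the check has to fire on that first datagram.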
CVSS provenance
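| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |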
- http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
- https://community.spiceworks.com/support/inventory/docs/network-config#security
- https://www.exploit-db.com/exploits/41825/