0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload Vulnerability
Author
Risk
[
Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
[+] Credits: John Page AKA HYP3RLINX Vendor: ================== www.spiceworks.com Product: ================= Spiceworks - 7.5 Provides network inventory and monitoring of all the devices on the network by discovering IP-addressable devices. It can be configured to provide custom alerts and notifications based on various criteria. it also provides a ticketing system, a user portal, an integrated knowledge base, and mobile ticket management. Vulnerability Type: ============================================== Improper Access Control File Overwrite / Upload CVE Reference: ============== CVE-2017-7237 Security Issue: ================ The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks "data\configurations" directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69. This allows remote attackers to overwrite files within the Spiceworks configurations directory, if the targeted file name is known or guessed. Remote attackers who can reach UDP port 69 can also write/upload arbitrary files to the "data\configurations", this can potentially become a Remote Code Execution vulnerability if for example an executable file e.g. EXE, BAT is dropped, then later accessed and run by an unknowing Spiceworks user. References - released April 3, 2017: ==================================== https://community.spiceworks.com/support/inventory/docs/network-config#security Proof: ======= 1) Install Spiceworks 2) c:\>tftp -i VICTIM-IP PUT someconfig someconfig 3) Original someconfig gets overwritten OR Arbitrary file upload c:\>tftp -i VICTIM-IP PUT Evil.exe Evil.exe # 0day.today [2024-12-24] #