CVE Vulnerability

CVE-2007-2343

Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506 Vendor Advisory
http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf Patch
http://www.securitytracker.com/id?1017876
http://secunia.com/advisories/24764 Exploit Vendor Advisory
http://osvdb.org/34627
http://www.vupen.com/english/advisories/2007/1271
Configurations

Configuration 1

cpe:2.3:a:enterasys:netsight_inventory_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:enterasys:netsight_console:*:*:*:*:*:*:*:*
Information

Published : 2007-04-27 05:19

Updated : 2011-03-08 02:54

NVD link : CVE-2007-2343

Mitre link : CVE-2007-2343

Products Affected
No products.
CWE
NVD-CWE-Other