Vendor: Spiceworks
By: John Page AKA HYP3RLINX
CVSS: 9.8 (CRITICAL)
Vulnerability Type: Improper Access Control File Overwrite / Upload
CWE: 22
Product Name: Spiceworks
Affected Version From: Spiceworks Inventory 7.5
Affected Version To: Spiceworks Inventory 7.5
Patch Exists: NO
Related CVE: CVE-2017-7237
CPE: a:spiceworks:spiceworks:7.5
Platforms Tested:
Year: 2017
Spiceworks Improper Access Control File Overwrite
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks 'data\configurations' directory by leveraging the unauthenticated nature of the TFTP service: any client that can reach UDP port 69 is served. This allows remote attackers to overwrite files within the Spiceworks configurations directory if the targeted file name is known or guessed. Remote attackers who can reach UDP port 69 can also write/upload arbitrary new files to the 'data\configurations' directory, for which no existing name needs to be guessed. This can potentially become a Remote Code Execution vulnerability if, for example, an executable file (EXE, BAT) is dropped and later accessed and run by an unknowing Spiceworks user. Because TFTP carries no credentials at all, the only preconditions are network reachability of UDP/69 on the Spiceworks host and, for an overwrite, knowledge of the target file name.
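The exchange the advisory relies on, as an added example that is not part of the advisory or of Spiceworks: a minimal RFC 1350 TFTP write (WRQ, then DATA blocks answered by ACKs) driven against an in-memory model of the server's writable directory. The TftpStore model, the file names settings.xml and payload.bat, and the hardened variant that answers every WRQ with an access-violation ERROR are all constructed for illustration and are not Spiceworks code or real Spiceworks file names. parse_packet on its own can be pointed at captured UDP/69 payloads to flag write requests during an investigation.

```python
import struct

OP_RRQ, OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512            # RFC 1350 fixed block size; a short final block ends the transfer
ERR_ACCESS_VIOLATION = 2    # RFC 1350 error code the hardened model uses to refuse writes


def build_wrq(filename, mode="octet"):
    """WRQ = opcode 2 | filename | NUL | mode | NUL. The protocol has no credential field."""
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def build_data(block, payload):
    return struct.pack("!HH", OP_DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", OP_ACK, block)


def build_error(code, msg):
    return struct.pack("!HH", OP_ERROR, code) + msg.encode() + b"\0"


def parse_packet(pkt):
    """Decode one TFTP packet into a dict; op == 2 marks an unauthenticated write request."""
    (op,) = struct.unpack("!H", pkt[:2])
    if op in (OP_RRQ, OP_WRQ):
        filename, mode = pkt[2:].split(b"\0")[:2]
        return {"op": op, "filename": filename.decode(), "mode": mode.decode()}
    if op == OP_DATA:
        return {"op": op, "block": struct.unpack("!H", pkt[2:4])[0], "data": pkt[4:]}
    if op == OP_ACK:
        return {"op": op, "block": struct.unpack("!H", pkt[2:4])[0]}
    if op == OP_ERROR:
        return {"op": op, "code": struct.unpack("!H", pkt[2:4])[0],
                "msg": pkt[4:].split(b"\0")[0].decode()}
    raise ValueError("unknown TFTP opcode %d" % op)


class TftpStore:
    """Constructed in-memory stand-in for the server's writable directory (not Spiceworks code).
    allow_write=True reproduces the advisory's behaviour: any WRQ creates or silently overwrites a file.
    allow_write=False is the hardened form: every WRQ gets an access-violation ERROR, nothing is written."""

    def __init__(self, files, allow_write=True):
        self.files = dict(files)
        self.allow_write = allow_write
        self._open = None   # (filename, bytearray, expected_block) for the transfer in flight

    def handle(self, pkt):
        p = parse_packet(pkt)
        if p["op"] == OP_WRQ:
            if not self.allow_write:
                return build_error(ERR_ACCESS_VIOLATION, "Access violation")
            self._open = (p["filename"], bytearray(), 1)
            return build_ack(0)                  # ACK 0 invites the client to send block 1
        if p["op"] == OP_DATA and self._open:
            name, buf, expected = self._open
            if p["block"] != expected:
                return build_error(0, "unexpected block")
            buf += p["data"]
            if len(p["data"]) < BLOCK_SIZE:      # short block: transfer complete, commit the file
                self.files[name] = bytes(buf)
                self._open = None
            else:
                self._open = (name, buf, expected + 1)
            return build_ack(p["block"])
        return build_error(4, "Illegal TFTP operation")


def tftp_put(server, filename, content):
    """Drive a complete write; returns (succeeded, list of parsed server replies)."""
    replies = [parse_packet(server.handle(build_wrq(filename)))]
    if replies[-1]["op"] != OP_ACK:
        return False, replies
    block = 1
    while True:
        chunk = content[(block - 1) * BLOCK_SIZE: block * BLOCK_SIZE]
        replies.append(parse_packet(server.handle(build_data(block, chunk))))
        if replies[-1]["op"] != OP_ACK or replies[-1]["block"] != block:
            return False, replies
        if len(chunk) < BLOCK_SIZE:              # an exact multiple of 512 ends with an empty block
            return True, replies
        block += 1


def demo():
    # File names and contents are constructed for the example, not taken from a Spiceworks install.
    vulnerable = TftpStore({"settings.xml": b"<original/>"})
    ok1, _ = tftp_put(vulnerable, "settings.xml", b"<tampered/>")       # overwrite a known name
    ok2, _ = tftp_put(vulnerable, "payload.bat", b"@echo off\r\n")      # drop a new file
    hardened = TftpStore({"settings.xml": b"<original/>"}, allow_write=False)
    ok3, replies = tftp_put(hardened, "settings.xml", b"<tampered/>")
    return {
        "overwritten": ok1 and vulnerable.files["settings.xml"] == b"<tampered/>",
        "uploaded": ok2 and "payload.bat" in vulnerable.files,
        "hardened_refused": (not ok3) and replies[0]["op"] == OP_ERROR
        and hardened.files["settings.xml"] == b"<original/>",
    }


if __name__ == "__main__":
    print(demo())
```

The write succeeds against the permissive model with nothing more than a file name, which is the whole point of the advisory; the hardened model shows the single check (refuse opcode 2 outright) that removes the overwrite and upload paths, and the client code handles that ERROR reply instead of assuming an ACK.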
Mitigation:
No mitigation or remediation information is provided in the advisory, and no patch is listed. The exposure is bounded by the precondition stated in the description: only clients that can reach UDP port 69 on the Spiceworks host can issue the write.