Vulnerability Details CVE-2007-2343
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.062
EPSS Ranking 90.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506
- http://osvdb.org/34627
- http://secunia.com/advisories/24764
- http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf
- http://www.securitytracker.com/id?1017876
- http://www.vupen.com/english/advisories/2007/1271
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506
- http://osvdb.org/34627
- http://secunia.com/advisories/24764
- http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf
- http://www.securitytracker.com/id?1017876
- http://www.vupen.com/english/advisories/2007/1271
Products affected by CVE-2007-2343
-
cpe:2.3:a:enterasys:netsight_console:-
-
cpe:2.3:a:enterasys:netsight_console:2.1
-
cpe:2.3:a:enterasys:netsight_inventory_manager:-
-
cpe:2.3:a:enterasys:netsight_inventory_manager:2.1