Lucene search

[email protected]CVE-2007-2343

HistoryApr 27, 2007 - 5:19 p.m.

CVE-2007-2343

2007-04-2717:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2343

stack-based buffer overflow

enterasys netsight console

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.361 Low

EPSS

Percentile

97.2%

JSON

Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.

Affected configurations

NVD

Node

enterasysnetsight_consoleRange≤2.1

enterasysnetsight_inventory_managerRange≤2.1

CPENameOperatorVersion
enterasys:netsight_consoleenterasys netsight consolele2.1
enterasys:netsight_inventory_managerenterasys netsight inventory managerle2.1

CPE	Name	Operator	Version
enterasys:netsight_console	enterasys netsight console	le	2.1
enterasys:netsight_inventory_manager	enterasys netsight inventory manager	le	2.1

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=506

osvdb.org/34627

secunia.com/advisories/24764

www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf

www.securitytracker.com/id?1017876

www.vupen.com/english/advisories/2007/1271

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

High

0.361 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2007-2343

cvelist1 prion1 nvd1