Vulnerability Description
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Enterasys | Netsight Console | <= 2.1 |
| Enterasys | Netsight Inventory Manager | <= 2.1 |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506Vendor Advisory
- http://osvdb.org/34627
- http://secunia.com/advisories/24764ExploitVendor Advisory
- http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdfPatch
- http://www.securitytracker.com/id?1017876
- http://www.vupen.com/english/advisories/2007/1271
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506Vendor Advisory
- http://osvdb.org/34627
- http://secunia.com/advisories/24764ExploitVendor Advisory
- http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdfPatch
- http://www.securitytracker.com/id?1017876
- http://www.vupen.com/english/advisories/2007/1271
FAQ
What is CVE-2007-2343?
CVE-2007-2343 is a vulnerability with a CVSS score of 7.5 (HIGH). Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via cra...
How severe is CVE-2007-2343?
CVE-2007-2343 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2343?
Check the references section above for vendor advisories and patch information. Affected products include: Enterasys Netsight Console, Enterasys Netsight Inventory Manager.