PT-2002-2883 · Working Resources · Badblue Enterprise Edition

Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-2170

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Working Resources Inc. BadBlue Enterprise Edition versions 1.7 through 1.74
Description: The issue allows remote attackers to execute arbitrary code by accessing the dir.hts page on the localhost and adding an entire hard drive to be shared, due to insufficient authentication. This is possible because the software attempts to restrict administrator actions to the IP address of the local host but does not provide additional authentication.
Recommendations: For versions 1.7 through 1.74, consider restricting access to the dir.hts page to minimize the risk of exploitation. As a temporary workaround, limit the ability to add entire hard drives to be shared until a more robust authentication mechanism is implemented.

Related identifiers

CVE-2002-2170

Affected products

Badblue Enterprise Edition