CVE-2017-7237

Name of the Vulnerable Software and Affected Versions Spiceworks Inventory version 7.5

Description The issue allows remote attackers to access the Spiceworks data/configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69. This can be demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.

Recommendations For Spiceworks Inventory version 7.5, consider restricting access to the TFTP service to minimize the risk of exploitation. As a temporary workaround, restrict access to UDP port 69 until a patch is available.