- Description
- Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:enterasys:netsight_console:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C5D3152-F50E-4D21-A452-7A909372E8D4",
"versionEndIncluding": "2.1"
},
{
"criteria": "cpe:2.3:a:enterasys:netsight_inventory_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D4C8415-E1A6-4CE0-B8E6-59F70575135D",
"versionEndIncluding": "2.1"
}
],
"operator": "OR"
}
]
}
]