1. CVE-Search
  2. CVE-2007-4226
ID CVE-2007-4226
Summary Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
References
Vulnerable Configurations
  • cpe:2.3:h:bluecat_networks:adonis:5.0.2.8:*:*:*:*:*:*:*
    cpe:2.3:h:bluecat_networks:adonis:5.0.2.8:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 15-10-2018 - 21:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:S/C:C/I:C/A:C
refmap via4
bid 25214
bugtraq
  • 20070806 TS-2007-002-0: BlueCat Networks Adonis root Privilege Access
  • 20070809 Re: TS-2007-002-0: BlueCat Networks Adonis root Privilege Access
osvdb 39397
sectrack 1018521
secunia 26354
sreason 2986
vupen ADV-2007-2840
xf adonis-tftp-privilege-escalation(35807)
Last major update 15-10-2018 - 21:34
Published 08-08-2007 - 22:17
Last modified 15-10-2018 - 21:34
Back to Top