SonicWall Security Center
Share: Linkedin Share Facebook Like
Back to SonicALERT


NetGain Systems Enterprise Manager TFTP Vulnerability (Apr 26, 2018)



Description




NetGain Systems Enterprise Manager is an IT monitoring software. It implements a TFTP server for uploading and downloading configuration files.

A directory traversal vulnerability (AKA CVE-2017-16597) was discovered in NetGain Enterprise Manager. An unauthenticated attacker can exploit this vulnerability by sending a crafted TFTP request to the target. Successful exploitation would result in arbitrary code execution under the security context of the Administrator.

SonicWall Capture Labs Threat Research team provides protection against this threat via the following signatures:

  • IPS sid:1112 "TFTP Server Directory Traversal Attack 1"
  • IPS sid:1113 "TFTP Server Directory Traversal Attack 2"
  • IPS sid:2242 "TFTP Server Directory Traversal Attack 3"
  • IPS sid:9525 "TFTP Server Directory Traversal Attack 4"



Back to top

Back to SonicALERT

Follow: Follow us on Facebook Follow us on Twitter Join the Conversation
#SonicWall
© 2018 SonicWall | Privacy Policy | Conditions for use | Feedback | Live Demo | SonicALERT | Document Library | Report Issues
Version: 13.20 | S2MSW05