CVE-2007-4226

BlueCat Networks Proteus IPAM <2.0.2.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4226. PoCs published by defaultroute.

AI-analyzed exploit summary This exploit describes a privilege escalation vulnerability in BlueCat Networks Adonis devices, allowing an attacker with administrative privileges to write arbitrary data with superuser privileges by manipulating TFTP file uploads. The attack involves creating a TFTP group, adding a file named '../etc/shadow', and deploying it to overwrite the shadow file.

Description

Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.

Exploits (1)

exploitdb WRITEUP VERIFIED

by defaultroute · textremotelinux

https://www.exploit-db.com/exploits/30454

View Code ZIP pw:eip

This exploit describes a privilege escalation vulnerability in BlueCat Networks Adonis devices, allowing an attacker with administrative privileges to write arbitrary data with superuser privileges by manipulating TFTP file uploads. The attack involves creating a TFTP group, adding a file named '../etc/shadow', and deploying it to overwrite the shadow file.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: BlueCat Networks Adonis 5.0.2.8

Auth required

Prerequisites: Administrative access to Proteus configuration · Ability to deploy configurations to Adonis appliance

MITRE ATT&CK