Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in the BlueCat Networks Proteus IPAM appliance 2.0.2.0 (Adonis DNS/DHCP appliance 5.0.2.8) allows remote authenticated administrators, with certain TFTP privileges, to create and overwrite arbitrary files via a .. (dot dot) in a pathname. NOTE: this can be leveraged for administrative access by overwriting /etc/shadow.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BlueCat Networks Proteus TFTP File Remote Privilege Escalation Vulnerability
Vulnerability Description
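Proteus is an enterprise-class IP address management appliance. A vulnerability exists in the implementation of the Proteus TFTP server that a remote attacker may exploit to obtain root privileges on the server. Proteus can be used to upload files to the Adonis appliances it manages; administrators can name the TFTP files, but no data validation is performed on user input (such as relative paths). Uploaded files can only be copied to the /tftpboot/ directory, and the file copy is performed with root privileges, so a file named ../etc/shadow can overwrite the shadow password database /etc/shadow.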
CVSS Information
N/A
Vulnerability Type
N/A
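The missing validation described above, shown next to a containment check that would reject the `../etc/shadow` name. This is an added example, not BlueCat's code; the function names, the temporary directory standing in for `/tftpboot/` and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile

class UnsafeTftpName(ValueError):
    """Raised when an upload name would resolve outside the TFTP root."""

def naive_target(root, name):
    # Flawed pattern from the description: the supplied name is joined
    # to the TFTP directory with no validation of relative components.
    return os.path.normpath(os.path.join(root, name))

def safe_target(root, name):
    """Return the absolute path for name under root, or raise."""
    if not name or "\x00" in name:
        raise UnsafeTftpName("empty name or NUL byte")
    if os.path.isabs(name):
        raise UnsafeTftpName("absolute path")
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks, so a link inside the
    # root that points elsewhere fails the containment test as well.
    target = os.path.realpath(os.path.join(root_real, name))
    if target == root_real or os.path.commonpath([root_real, target]) != root_real:
        raise UnsafeTftpName("escapes TFTP root")
    return target

def store_upload(root, name, data):
    """Write data under root only if the name passes safe_target()."""
    target = safe_target(root, name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    # O_NOFOLLOW refuses a symlink swapped in as the final component.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    with os.fdopen(os.open(target, flags, 0o644), "wb") as fh:
        fh.write(data)
    return target

def demo():
    """Run constructed sample names through store_upload in a sandbox."""
    names = ["boot/pxelinux.0", "../etc/shadow", "/etc/shadow", "a/../../etc/shadow"]
    results = {}
    with tempfile.TemporaryDirectory() as box:
        root = os.path.join(box, "tftpboot")  # stand-in for /tftpboot/
        os.makedirs(root)
        for name in names:
            try:
                store_upload(root, name, b"constructed sample data")
                results[name] = "stored"
            except UnsafeTftpName as exc:
                results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    print(naive_target("/tftpboot/", "../etc/shadow"))
    print(demo())
```

The name check addresses only the traversal; the description's other factor, the copy running with root privileges, is mitigated separately by performing the write as an unprivileged account.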