{"api_version":"1","generated_at":"2026-05-13T11:09:00+00:00","cve":"CVE-2007-2343","urls":{"html":"https://cve.report/CVE-2007-2343","api":"https://cve.report/api/cve/CVE-2007-2343.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2343","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2343"},"summary":{"title":"CVE-2007-2343","description":"Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-04-27 17:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf","name":"http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Page not found - Extreme Networks","mime":"application/pdf","httpstatus":"404","archivestatus":"200"},{"url":"http://secunia.com/advisories/24764","name":"http://secunia.com/advisories/24764","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"Enterasys Networks NetSight Products TFTPD/BOOTPD Vulnerabilities - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/34627","name":"http://osvdb.org/34627","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017876","name":"http://www.securitytracker.com/id?1017876","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Enterasys NetSight TFTPD and BOOTPD Servers Permit Remote Code Execution and Denial of Service Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/1271","name":"http://www.vupen.com/english/advisories/2007/1271","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2343","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2343","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2343","vulnerable":"1","versionEndIncluding":"2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"enterasys","cpe5":"netsight_console","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2343","vulnerable":"1","versionEndIncluding":"2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"enterasys","cpe5":"netsight_inventory_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:33:28.349Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"24764","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24764"},{"name":"ADV-2007-1271","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1271"},{"name":"20070404 Enterasys Networks Multiple NetSight Products Multiple Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506"},{"name":"1017876","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017876"},{"name":"34627","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/34627"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-04-05T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2008-11-13T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"24764","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24764"},{"name":"ADV-2007-1271","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1271"},{"name":"20070404 Enterasys Networks Multiple NetSight Products Multiple Vulnerabilities","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506"},{"name":"1017876","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017876"},{"name":"34627","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/34627"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2343","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"24764","refsource":"SECUNIA","url":"http://secunia.com/advisories/24764"},{"name":"ADV-2007-1271","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1271"},{"name":"20070404 Enterasys Networks Multiple NetSight Products Multiple Vulnerabilities","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=506"},{"name":"1017876","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017876"},{"name":"34627","refsource":"OSVDB","url":"http://osvdb.org/34627"},{"name":"http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf","refsource":"CONFIRM","url":"http://www.enterasys.com/pub/NetSight/Patches/SP1/NetSight_SP1.pdf"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2343","datePublished":"2007-04-27T17:00:00.000Z","dateReserved":"2007-04-27T00:00:00.000Z","dateUpdated":"2024-08-07T13:33:28.349Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-04-27 17:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enterasys:netsight_console:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1","matchCriteriaId":"0C5D3152-F50E-4D21-A452-7A909372E8D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:enterasys:netsight_inventory_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1","matchCriteriaId":"7D4C8415-E1A6-4CE0-B8E6-59F70575135D"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2343","Ordinal":"1","Title":"CVE-2007-2343","CVE":"CVE-2007-2343","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2343","Ordinal":"1","NoteData":"Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long file names.","Type":"Description","Title":"CVE-2007-2343"},{"CveYear":"2007","CveId":"2343","Ordinal":"2","NoteData":"2007-04-27","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2343","Ordinal":"3","NoteData":"2008-11-13","Type":"Other","Title":"Modified"}]}}}