Description

NetGain Systems Enterprise Manager is an IT monitoring software. It implements a TFTP server for uploading and downloading configuration files.

A directory traversal vulnerability (AKA CVE-2017-16597) was discovered in NetGain Enterprise Manager. An unauthenticated attacker can exploit this vulnerability by sending a crafted TFTP request to the target. Successful exploitation would result in arbitrary code execution under the security context of the Administrator.

SonicWall Capture Labs Threat Research team provides protection against this threat via the following signatures:

• IPS sid:1112 “TFTP Server Directory Traversal Attack 1”

• IPS sid:1113 “TFTP Server Directory Traversal Attack 2”

• IPS sid:2242 “TFTP Server Directory Traversal Attack 3”

• IPS sid:9525 “TFTP Server Directory Traversal Attack 4”