CVE-2017-7183

moderate-risk
Published 2017-03-27

The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.

Do I need to act?

!
30.1% chance of exploitation in next 30 days
EPSS score — higher than 70% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
41639
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Extraputty

References (8)

Exploit http://packetstormsecurity.com/files/141705/ExtraPuTTY-029_rc2-Denial-Of-Service...
http://www.securityfocus.com/archive/1/540300/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/96973
https://www.exploit-db.com/exploits/41639/
Exploit http://packetstormsecurity.com/files/141705/ExtraPuTTY-029_rc2-Denial-Of-Service...
http://www.securityfocus.com/archive/1/540300/100/0/threaded
Third Party Advisory http://www.securityfocus.com/bid/96973
https://www.exploit-db.com/exploits/41639/
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 15/34 · Moderate
Exposure 5/34 · Minimal