Vulnerability Note VU#632633
Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
Wyse Simple Imager (WSI) includes older versions version of TFTPD32 that contains publicly known vulnerabilities. An attacker could exploit these vulnerabilities to potentially execute arbitrary code on the system running WSI and TFTPD32.
Wyse Simple Imager (WSI) is a component of Wyse Device Manager (WDM, formerly known as Wyse Rapport). WSI includes TFTPD32 as the TFTP service to load firmware images on client devices. The versions of TFTPD32 contains several known vulnerabilities. The following list of TFTPD32 vulnerabilities is based on public information:
An attacker with network access to TFTPD32 could execute arbitrary code or cause a denial of service on a vulnerable system.
Use Wyse WDM and USB Imaging Tool
Restrict Access to WSI
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|TFTPD32||Affected||-||11 Nov 2009|
|Wyse||Affected||04 Jul 2009||19 Nov 2009|
CVSS Metrics (Learn More)
These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft and Art Manion.
This document was written by Art Manion.
- CVE IDs: CVE-2002-2226 CVE-2002-2237 CVE-2002-2353 CVE-2006-0328 CVE-2003-6141
- Date Public: 10 Jul 2009
- Date First Published: 19 Nov 2009
- Date Last Updated: 19 Nov 2009
- Severity Metric: 13.51
- Document Revision: 54
If you have feedback, comments, or additional information about this vulnerability, please send us email.