ID
VAR-E-201108-0439
TITLE
CiscoKits CCNA TFTP 'Read' Command Directory Traversal Vulnerability
Trust: 0.3
DESCRIPTION
CiscoKits CCNA TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
CiscoKits CCNA TFTP Server 1.0 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | certificationkits | model: | ciscokits ccna tftp server | scope: | eq | version: | 1.0 | Trust: 0.3 |
EXPLOIT
Attackers can exploit this issue through a browser.
The following exploit is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/49053.py">/data/vulnerabilities/exploits/49053.py</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
CREDITS
Antu Sanadi of SecPod Research
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 49053 | Trust: 0.3 |
REFERENCES
| url: | http://secpod.org/advisories/secpod_ciscokits_tftp_server_dir_trav.txt | Trust: 0.3 |
| url: | http://www.certificationkits.com/cisco-ccna-tftp-server/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 49053 |
LAST UPDATE DATE
2022-07-27T09:50:05.248000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 49053 | date: | 2011-08-05T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 49053 | date: | 2011-08-05T00:00:00 |