Sign-up

ID

VAR-201003-0483


CVE

CVE-2010-1174


TITLE

Cisco TFTP Server Remote Denial of Service Vulnerability

Trust: 0.9

sources: BID: 38968 // CNNVD: CNNVD-201003-436

DESCRIPTION

Cisco TFTP Server 1.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) read (aka RRQ) or (2) write (aka WRQ) request, or other TFTP packet. NOTE: some of these details are obtained from third party information. Cisco TFTP Server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. Cisco TFTP Server 1.1 is vulnerable. NOTE: Cisco no longer supports this product. The vulnerability is reported in version 1.1. Prior versions may also be affected. Use another product. Use the product in trusted networks only. PROVIDED AND/OR DISCOVERED BY: _SuBz3r0_ OTHER REFERENCES: http://www.cisco.com/pcgi-bin/message_more.pl?message_no=3002&table_type=tftp&template=content ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2010-1174 // JVNDB: JVNDB-2010-003946 // BID: 38968 // VULHUB: VHN-43779 // VULMON: CVE-2010-1174 // PACKETSTORM: 87664

AFFECTED PRODUCTS

vendor:ciscomodel:tftp serverscope:eqversion:1.1

Trust: 2.7

sources: BID: 38968 // JVNDB: JVNDB-2010-003946 // CNNVD: CNNVD-201003-436 // NVD: CVE-2010-1174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1174
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1174
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201003-436
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43779
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-1174
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1174
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-43779
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43779 // VULMON: CVE-2010-1174 // JVNDB: JVNDB-2010-003946 // CNNVD: CNNVD-201003-436 // NVD: CVE-2010-1174

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-43779 // JVNDB: JVNDB-2010-003946 // NVD: CVE-2010-1174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-436

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201003-436

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003946

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-43779 // 
            
            
            
            VULMON: CVE-2010-1174

PATCH
title:Top Pageurl:http://www.cisco.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-003946

EXTERNAL IDS
db:NVDid:CVE-2010-1174
Trust: 2.9
db:BIDid:38968
Trust: 2.1
db:SECUNIAid:39116
Trust: 1.9
db:EXPLOIT-DBid:11878
Trust: 1.8
db:JVNDBid:JVNDB-2010-003946
Trust: 0.8
db:CNNVDid:CNNVD-201003-436
Trust: 0.7
db:XFid:57165
Trust: 0.6
db:NSFOCUSid:14708
Trust: 0.6
db:SEEBUGid:SSVID-68026
Trust: 0.1
db:VULHUBid:VHN-43779
Trust: 0.1
db:VULMONid:CVE-2010-1174
Trust: 0.1
db:PACKETSTORMid:87664
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43779 // 
            
            
            
            VULMON: CVE-2010-1174 // 
            
            
            
            BID: 38968 // 
            
            
            
            JVNDB: JVNDB-2010-003946 // 
            
            
            
            PACKETSTORM: 87664 // 
            
            
            
            CNNVD: CNNVD-201003-436 // 
            
            
            
            NVD: CVE-2010-1174

REFERENCES
url:http://www.securityfocus.com/bid/38968
Trust: 1.8
url:http://www.exploit-db.com/exploits/11878
Trust: 1.8
url:http://secunia.com/advisories/39116
Trust: 1.8
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/57165
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1174
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1174
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/57165
Trust: 0.6
url:http://www.nsfocus.net/vulndb/14708
Trust: 0.6
url:http://www.cisco.com/en/us/products/hw/routers/ps133/products_tech_note09186a00801f7735.shtml
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/11878/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/39116/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://www.cisco.com/pcgi-bin/message_more.pl?message_no=3002&table_type=tftp&template=content
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43779 // 
            
            
            
            VULMON: CVE-2010-1174 // 
            
            
            
            BID: 38968 // 
            
            
            
            JVNDB: JVNDB-2010-003946 // 
            
            
            
            PACKETSTORM: 87664 // 
            
            
            
            CNNVD: CNNVD-201003-436 // 
            
            
            
            NVD: CVE-2010-1174

CREDITS
SuBz3r0
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201003-436

SOURCES
db:VULHUBid:VHN-43779
db:VULMONid:CVE-2010-1174
db:BIDid:38968
db:JVNDBid:JVNDB-2010-003946
db:PACKETSTORMid:87664
db:CNNVDid:CNNVD-201003-436
db:NVDid:CVE-2010-1174

LAST UPDATE DATE
2025-04-11T23:10:55.984000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43779date:2017-08-17T00:00:00
db:VULMONid:CVE-2010-1174date:2017-08-17T00:00:00
db:BIDid:38968date:2015-04-13T21:02:00
db:JVNDBid:JVNDB-2010-003946date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201003-436date:2010-03-30T00:00:00
db:NVDid:CVE-2010-1174date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43779date:2010-03-29T00:00:00
db:VULMONid:CVE-2010-1174date:2010-03-29T00:00:00
db:BIDid:38968date:2010-03-25T00:00:00
db:JVNDBid:JVNDB-2010-003946date:2012-06-26T00:00:00
db:PACKETSTORMid:87664date:2010-03-28T10:42:48
db:CNNVDid:CNNVD-201003-436date:2010-03-29T00:00:00
db:NVDid:CVE-2010-1174date:2010-03-29T19:30:00.313