Vulnerability CVE-2009-1730


Published: 2009-05-20   Modified: 2012-02-13

Description:
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Netmechanica -> Netdecision tftp server 

 References:
http://xforce.iss.net/xforce/xfdb/50574
http://www.securityfocus.com/bid/35002
http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1
http://secunia.com/advisories/35131

Copyright 2024, cxsecurity.com

 

Back to Top