Sign-up

ID

VAR-190001-0663


TITLE

CiscoKits CCNA TFTP 'Read' Command Directory Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2011-3059 // CNNVD: CNNVD-201108-116

DESCRIPTION

CertificationKits CiscoKits CCNA TFTP Server is a TFTP server that can be used to help prepare for the Cisco Certificate Exam. CertificationKits CiscoKits CCNA TFTP Server incorrectly handles read requests containing \"../\" sequences, allowing an attacker to read arbitrary files through a directory traversal attack. CiscoKits CCNA TFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks

Trust: 0.81

sources: CNVD: CNVD-2011-3059 // BID: 49053

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-3059

AFFECTED PRODUCTS

vendor:certificationkitsmodel:ciscokits ccna tftp serverscope:eqversion:1.0

Trust: 0.9

sources: CNVD: CNVD-2011-3059 // BID: 49053

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201108-116

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201108-116

EXTERNAL IDS

db:BIDid:49053

Trust: 1.5

db:CNVDid:CNVD-2011-3059

Trust: 0.6

db:CNNVDid:CNNVD-201108-116

Trust: 0.6

sources: CNVD: CNVD-2011-3059 // BID: 49053 // CNNVD: CNNVD-201108-116

REFERENCES

url:http://secpod.org/advisories/secpod_ciscokits_tftp_server_dir_trav.txt

Trust: 0.9

url:http://www.securityfocus.com/bid/49053

Trust: 0.6

url:http://www.certificationkits.com/cisco-ccna-tftp-server/

Trust: 0.3

sources: CNVD: CNVD-2011-3059 // BID: 49053 // CNNVD: CNNVD-201108-116

CREDITS

Antu Sanadi of SecPod Research

Trust: 0.9

sources: BID: 49053 // CNNVD: CNNVD-201108-116

SOURCES

db:CNVDid:CNVD-2011-3059
db:BIDid:49053
db:CNNVDid:CNNVD-201108-116

LAST UPDATE DATE

2022-05-17T02:10:24.130000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-3059date:2011-08-08T00:00:00
db:BIDid:49053date:2011-08-05T00:00:00
db:CNNVDid:CNNVD-201108-116date:2011-08-09T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2011-3059date:2011-08-08T00:00:00
db:BIDid:49053date:2011-08-05T00:00:00
db:CNNVDid:CNNVD-201108-116date:1900-01-01T00:00:00