ID

VAR-200110-0083


CVE

CVE-2001-0783


TITLE

Cisco TFTPD Server Directory Traversal Vulnerability

Trust: 0.9

sources: BID: 2886 // CNNVD: CNNVD-200110-102

DESCRIPTION

Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the GET command. The Cisco TFTPD server is a freely available software package distributed and maintained by Cisco Systems. The software package is designed to give Microsoft Windows systems the ability to serve files via the Trivial File Transfer Protocol (TFTP). It is possible to gain access to sensitive files on a system using the affected software. By issuing a dot-dot-slash (../) request to the server, any file on the system may be downloaded. This makes it possible for attackers to gain access to arbitrary files, and potentially sensitive information. CVE (CAN) ID: CAN-2001-0783. Cisco TFTP server is a TFTP server developed by Cisco. Its version 1.1 has a directory traversal vulnerability. It is possible to download any file on the target host just by prefixing the filename with some "../" sequences.

Trust: 1.26

sources: NVD: CVE-2001-0783 // BID: 2886 // VULHUB: VHN-3591

AFFECTED PRODUCTS

vendor: cisco // model: tftp server // scope: eq // version: 1.1

Trust: 1.9

sources: BID: 2886 // CNNVD: CNNVD-200110-102 // NVD: CVE-2001-0783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0783
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200110-102
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3591
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0783
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3591
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3591 // CNNVD: CNNVD-200110-102 // NVD: CVE-2001-0783

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200110-102

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200110-102

EXTERNAL IDS

db: NVD // id: CVE-2001-0783

Trust: 2.0

db: BID // id: 2886

Trust: 2.0

db: CNNVD // id: CNNVD-200110-102

Trust: 0.7

db: XF // id: 6722

Trust: 0.6

db: BUGTRAQ // id: 20010618 CISCO TFTPD 1.1 VULERABLITY

Trust: 0.6

db: VULHUB // id: VHN-3591

Trust: 0.1

sources: VULHUB: VHN-3591 // BID: 2886 // CNNVD: CNNVD-200110-102 // NVD: CVE-2001-0783

REFERENCES

url:http://www.securityfocus.com/bid/2886

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html

Trust: 1.7

url:http://www.sentry-labs.com/files/cisco0201061701.txt

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6722

Trust: 1.1

url:http://xforce.iss.net/static/6722.php

Trust: 0.6

sources: VULHUB: VHN-3591 // CNNVD: CNNVD-200110-102 // NVD: CVE-2001-0783

CREDITS

This vulnerability was announced to BugTraq by Siberian <siberian@splashpages.de> on June 18, 2001.

Trust: 0.3

sources: BID: 2886

SOURCES

db: VULHUB // id: VHN-3591
db: BID // id: 2886
db: CNNVD // id: CNNVD-200110-102
db: NVD // id: CVE-2001-0783

LAST UPDATE DATE

2024-08-14T15:15:16.037000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-3591 // date: 2017-12-19T00:00:00
db: BID // id: 2886 // date: 2009-07-11T06:56:00
db: CNNVD // id: CNNVD-200110-102 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2001-0783 // date: 2017-12-19T02:29:27.067

SOURCES RELEASE DATE

db: VULHUB // id: VHN-3591 // date: 2001-10-18T00:00:00
db: BID // id: 2886 // date: 2001-06-18T00:00:00
db: CNNVD // id: CNNVD-200110-102 // date: 2001-06-18T00:00:00
db: NVD // id: CVE-2001-0783 // date: 2001-10-18T04:00:00