vendor:
Snap Deploy Server
by:
Luigi Auriemma
7.5
CVSS
HIGH
Directory Traversal and NULL Pointer
22 (Path Traversal) and 476 (NULL Pointer Dereference)
CWE
Product Name: Snap Deploy Server
Affected Version From: 2.0.0.1076
Affected Version To: 2.0.0.1076
Patch Exists: NO
Related CWE: N/A
CPE: a:acronis:snap_deploy_server
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
Acronis PXE Server Directory Traversal and NULL Pointer Vulnerabilities
The Acronis PXE Server is vulnerable to a classical directory traversal and an arbitrary path attacks which allow an attacker to download any file from the local disks or the network shares. An incomplete TFTP request (anything which goes from the simple absence of the option field to the usage of only the 2 bytes for the opcode) causes the crashing of the PXE Server due to a NULL pointer access.
Mitigation:
No fix.