Directory Traversal Vulnerability in Cisco TFTP Server 1.1
CVE-2001-0783

Currently unrated

Key Information:

Vendor: Cisco
Status: Tftp Server
Vendor: CVE Published:; 18 October 2001

Summary

The Cisco TFTP server version 1.1 is susceptible to a directory traversal vulnerability that enables remote attackers to read arbitrary files on the server. This flaw occurs when attackers exploit the GET command by using a '..(dot dot)' sequence, allowing them to traverse directories and gain unauthorized access to sensitive files. As a result, attackers could potentially exfiltrate confidential data or compromise the integrity of the service.

References

http://www.sentry-labs.com/files/cisco0201061701.txt

x_refsource_MISC

http://www.securityfocus.com/bid/2886

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2001-06/02...

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 18, 2001
Vulnerability Reserved
Oct 12, 2001