Directory Traversal Vulnerability in Acronis Snap Deploy
CVE-2008-1410

Currently unrated

Key Information:

Vendor: Acronis
Status: Snap Deploy
Vendor: CVE Published:; 20 March 2008

Summary

A directory traversal vulnerability exists in the PXE Server (pxesrv.exe) of Acronis Snap Deploy 2.0.0.1076 and earlier, allowing remote attackers to exploit this flaw. By utilizing directory traversal sequences, an attacker can gain unauthorized access to read arbitrary files via the TFTP service. This exposure poses significant risks, as it can lead to the unauthorized disclosure of sensitive information. Users and administrators should restrict access to the TFTP service and upgrade to the latest version to mitigate this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41074

vdb-entryx_refsource_XF

http://aluigi.altervista.org/adv/acropxe-adv.txt

x_refsource_MISC

http://www.vupen.com/english/advisories/2008/0814/references

vdb-entryx_refsource_VUPEN

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 20, 2008
Vulnerability Reserved
Mar 19, 2008