Directory Traversal Vulnerability in Acronis Snap Deploy
CVE-2008-1410

Currently unrated

Key Information:

Vendor

Acronis
Status
Snap Deploy
Vendor
CVE Published:
20 March 2008

What is CVE-2008-1410?

A directory traversal vulnerability exists in the PXE Server (pxesrv.exe) of Acronis Snap Deploy 2.0.0.1076 and earlier, allowing remote attackers to exploit this flaw. By utilizing directory traversal sequences, an attacker can gain unauthorized access to read arbitrary files via the TFTP service. This exposure poses significant risks, as it can lead to the unauthorized disclosure of sensitive information. Users and administrators should restrict access to the TFTP service and upgrade to the latest version to mitigate this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41074
vdb-entryx_refsource_XF
http://aluigi.altervista.org/adv/acropxe-adv.txt
x_refsource_MISC
http://www.vupen.com/english/advisories/2008/0814/references
vdb-entryx_refsource_VUPEN

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.