CVE-2008-1410

Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://aluigi.altervista.org/adv/acropxe-adv.txt	Exploit
http://www.securityfocus.com/bid/28182	Exploit
http://secunia.com/advisories/29305	Vendor Advisory
http://securityreason.com/securityalert/3758
http://www.vupen.com/english/advisories/2008/0814/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41074
https://www.exploit-db.com/exploits/5228
http://www.securityfocus.com/archive/1/489358/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*

Information

Published : 2008-03-20 03:44

Updated : 2018-10-11 13:33

NVD link : CVE-2008-1410

Mitre link : CVE-2008-1410

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

acronis

snap_deploy

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://aluigi.altervista.org/adv/acropxe-adv.txt", "name": "http://aluigi.altervista.org/adv/acropxe-adv.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/28182", "name": "28182", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/29305", "name": "29305", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3758", "name": "3758", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2008/0814/references", "name": "ADV-2008-0814", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41074", "name": "acronissnap-pxeserver-directory-traversal(41074)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/5228", "name": "5228", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/489358/100/0/threaded", "name": "20080310 Directory traversal and NULL pointer in Acronis PXE Server 2.0.0.1076", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1410", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-03-20T10:44Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:33Z"}

4.3 /10