CVE-2009-1730
published 2009-05-20CVE-2009-1730: Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory…
PriorityP266critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
54.51%
98.9th percentile
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netmechanica | netdecision_tftp_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor TFTP (UDP/69) traffic for directory traversal sequences (e.g., '../' or '..\') in GET or PUT request filenames targeting NetDecision 4.2 TFTP Server. ↗
- →Alert on unexpected .mof files appearing in C:\Windows\System32\wbem\mof\ that were not deployed by a known management process, especially when preceded by an unknown .exe dropped in System32. ↗
- →The exploit source port for TFTP client connections is randomized between 1025 and 65535; however, the destination is always UDP/69 on the target NetDecision TFTP server. ↗
- ·The traversal depth is configurable by the attacker (default 1, but effectively falls back to 10 if unset or zero), meaning the number of '../' sequences in the malicious filename will vary per attack attempt. ↗
- ·The exploit targets Windows XP SP3 and Windows 2003 SP2 specifically; the WbemExec MOF-drop technique is OS-version dependent and may not apply to other platforms. ↗
- ·Null bytes are the only bad characters for the payload, meaning most shellcode encodings are viable and payload detection cannot rely on null-byte filtering. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
NetDecision 4.2 - TFTP Writable Directory Traversal Execution (Metasploit)
exploitdb·2012-08-10
CVE-2009-1730 NetDecision 4.2 - TFTP Writable Directory Traversal Execution (Metasploit)
NetDecision 4.2 - TFTP Writable Directory Traversal Execution (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "NetDecision 4.2 TFTP Writable Directory Traversal Execution",
'Description' => %q{
This module exploits a vulnerability found in NetDecision 4.2 TFTP server. The
software contains a directory traversal vulnerability that allows a remote attacker
to write arbitrary file to the file system, which results in code execution under
the context of user executing the TFTP Server.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Rob
Metasploit
NetDecision 4.2 TFTP Directory Traversal
metasploit
NetDecision 4.2 TFTP Directory Traversal
NetDecision 4.2 TFTP Directory Traversal
This modules exploits a directory traversal vulnerability in NetDecision 4.2 TFTP service.
Metasploit
NetDecision 4.2 TFTP Writable Directory Traversal Execution
metasploit
NetDecision 4.2 TFTP Writable Directory Traversal Execution
NetDecision 4.2 TFTP Writable Directory Traversal Execution
This module exploits a vulnerability found in NetDecision 4.2 TFTP server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary file to the file system, which results in code execution under the context of user executing the TFTP Server.
No writeups or analysis indexed.
http://secunia.com/advisories/35131http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1http://www.securityfocus.com/bid/35002https://exchange.xforce.ibmcloud.com/vulnerabilities/50574http://secunia.com/advisories/35131http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1http://www.securityfocus.com/bid/35002https://exchange.xforce.ibmcloud.com/vulnerabilities/50574
2009-05-20
Published