CVE-2011-4722
published 2014-12-28


Priority: P2 · 64 · high
CVSS 2.0: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
EXPLOIT · EPSS: 57.60% (99.0th percentile)
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

Affected

1 range
Vendor: ipswitch · Product: tftp_server · Version range: (none listed) · Fixed in: (none listed)

Detection & IOCs (extracted from sources)

port: 69/UDP
command: tftp> get ../../../../../../../../../../../boot.ini
command: tftp> get ../../../../../../../../../../../windows/win.ini
path: ../../../../../../../../../../../boot.ini
version: Ipswitch TFTP Server 1.0.0.24
bytes: \x00\x01 (TFTP RRQ opcode) followed by ../ repeated x10 + boot.ini + \x00 + netascii\x00
  • Detect TFTP RRQ (opcode 0x0001) packets on UDP/69 containing '../' sequences in the filename field, indicative of directory traversal attempts.
  • Monitor TFTP RRQ requests targeting sensitive Windows files such as boot.ini or windows/win.ini via traversal paths.
  • Flag TFTP RRQ packets where the Filename field begins with or contains repeated '../' (dot-dot-slash) sequences sent over UDP to port 69.
  • A Metasploit auxiliary scanner module exists for this vulnerability; correlate scanner activity against the Ipswitch WhatsUp Gold TFTP service on UDP/69.
  • The exploit was tested specifically on Windows XP SP3 and Windows 7; traversal targets (boot.ini, win.ini) are Windows-specific paths and may not apply to other OS deployments.
  • No vendor patch was available at the time of advisory release; the solution field explicitly states 'Not available'.
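A detection-side parser for the RRQ pattern described in the bullets above, added here as an illustration; it is not part of the advisory, the Metasploit module or any vendor code. The sample datagrams are constructed from the byte description in the IOC list, and the check also normalises backslash separators, which the bullets do not mention.

```python
import struct

TFTP_RRQ = 1  # opcode 0x0001: read request (RFC 1350)
# Windows files named as traversal targets in the advisory
SENSITIVE_TARGETS = {"boot.ini", "win.ini"}


def parse_tftp_rrq(payload: bytes):
    """Parse a TFTP RRQ payload: opcode | filename NUL | mode NUL.

    Returns (filename, mode), or None if the datagram is not a
    well-formed read request (wrong opcode, truncated, missing NULs).
    """
    if len(payload) < 4:
        return None
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != TFTP_RRQ:
        return None
    fields = payload[2:].split(b"\x00")
    # Expect filename, mode and the empty remainder after the final NUL.
    if len(fields) < 3:
        return None
    filename = fields[0].decode("ascii", errors="replace")
    mode = fields[1].decode("ascii", errors="replace").lower()
    return filename, mode


def inspect_udp69_payload(payload: bytes) -> dict:
    """Detection verdict for one datagram seen on UDP/69."""
    parsed = parse_tftp_rrq(payload)
    if parsed is None:
        return {"rrq": False, "traversal": False, "filename": None}
    filename, mode = parsed
    # Treat '\' like '/' so '..\' segments are counted as well.
    segments = filename.replace("\\", "/").split("/")
    depth = segments.count("..")  # number of '../' hops requested
    return {
        "rrq": True,
        "traversal": depth > 0,
        "depth": depth,
        "sensitive": segments[-1].lower() in SENSITIVE_TARGETS,
        "filename": filename,
        "mode": mode,
    }


# Constructed sample datagrams (not captured traffic)
TRAVERSAL_RRQ = b"\x00\x01" + b"../" * 10 + b"boot.ini\x00netascii\x00"
BENIGN_RRQ = b"\x00\x01pxelinux.0\x00octet\x00"
WRQ_PACKET = b"\x00\x02../../win.ini\x00octet\x00"  # write request: not an RRQ

if __name__ == "__main__":
    for name, pkt in [("traversal", TRAVERSAL_RRQ), ("benign", BENIGN_RRQ), ("wrq", WRQ_PACKET)]:
        print(name, inspect_udp69_payload(pkt))
```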