CVE-2011-4722
Published 2014-12-28
Priority: P264 | high | 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 57.60% (99.0th percentile)
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipswitch | tftp_server | — | — |
Detection & IOCs
bytes:
\x00\x01 (TFTP RRQ opcode) followed by ../ repeated x10 + boot.ini + \x00 + netascii\x00
- Detect TFTP RRQ (opcode 0x0001) packets on UDP/69 containing '../' sequences in the filename field, indicative of directory traversal attempts.
- Monitor TFTP RRQ requests targeting sensitive Windows files such as boot.ini or windows/win.ini via traversal paths.
- Flag TFTP RRQ packets where the Filename field begins with or contains repeated '../' (dot-dot-slash) sequences sent over UDP to port 69.
- A Metasploit auxiliary scanner module exists for this vulnerability; correlate scanner activity against IpSwitch WhatsUp Gold TFTP service on UDP/69.
- The exploit was tested specifically on Windows XP SP3 and Windows 7; traversal targets (boot.ini, win.ini) are Windows-specific paths and may not apply to other OS deployments.
- No vendor patch was available at the time of advisory release; the solution field explicitly states 'Not available'.
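The RRQ checks listed above, as an added Python example (not code from the advisory or any indexed source): it parses a UDP/69 payload using the RFC 1350 layout and flags `..` path segments in the Filename field. The payloads are constructed samples, and treating backslashes as separators is an assumption that goes beyond the `../` pattern quoted on this page.

```python
import struct

RRQ = 1  # TFTP read-request opcode (RFC 1350)
SENSITIVE = ("boot.ini", "win.ini")  # traversal targets named on this page


def parse_rrq(payload: bytes):
    """Return (filename, mode) for a well-formed RRQ, else None."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != RRQ:
        return None
    fields = payload[2:].split(b"\x00")
    # A valid RRQ is: filename NUL mode NUL, so the split yields >= 3 parts.
    if len(fields) < 3 or not fields[0]:
        return None
    return fields[0].decode("latin-1"), fields[1].decode("latin-1").lower()


def inspect(payload: bytes):
    """Return a list of findings for one UDP/69 payload (empty if clean)."""
    rrq = parse_rrq(payload)
    if rrq is None:
        return []
    filename, _mode = rrq
    # Assumption: Windows accepts both separators, so normalise first.
    segments = filename.replace("\\", "/").split("/")
    dotdot = segments.count("..")
    if not dotdot:
        return []
    findings = [f"traversal: {dotdot} '..' segment(s)"]
    if segments[-1].lower() in SENSITIVE:
        findings.append(f"sensitive target: {segments[-1]}")
    return findings


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "benign": b"\x00\x01firmware.bin\x00octet\x00",
    "traversal": b"\x00\x01" + b"../" * 10 + b"boot.ini\x00netascii\x00",
    "backslash": b"\x00\x01..\\..\\windows\\win.ini\x00octet\x00",
    "write": b"\x00\x02../x\x00octet\x00",  # WRQ, outside this RRQ check
    "truncated": b"\x00\x01../boot.ini",    # no NUL terminators: ignored
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10} {inspect(pkt)}")
```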
No detection rules found.
Exploit-DB
Ipswitch TFTP Server 1.0.0.24 - Directory Traversal
exploitdb·2011-12-02
---
##############################################################################
# Title : Ipswitch TFTP Server Directory Traversal Vulnerability
# Author : Prabhu S Angadi from SecPod Technologies (www.secpod.com)
# Vendor : http://www.whatsupgold.com/index.aspx
# Advisory : http://secpod.org/blog/?p=424
# http://secpod.org/advisories/SecPod_Ipswitch_TFTP_Server_Dir_Trav.txt
# http://secpod.org/exploits/SecPod_Ipswitch_TFTP_Server_Dir_Trav_POC.py
# Version : Ipswitch TFTP Server 1.0.0.24
# Date : 02/12/2011
##############################################################################
SecPod ID: 1028
13/09/2011 Issue Discovered
04/10/2011 Vendor Notified
No Response from Vendor
02/12/2011 Advisory Released
Class: Information Discl
Metasploit
IpSwitch WhatsUp Gold TFTP Directory Traversal
metasploit
This module exploits a directory traversal vulnerability in IpSwitch WhatsUp Gold's TFTP service.
No writeups or analysis indexed.
- http://secpod.org/blog/?p=424
- http://secunia.com/advisories/47025
- http://securitytracker.com/id?1026368
- http://www.exploit-db.com/exploits/18189/
- http://www.osvdb.org/77455
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71610
- https://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c05054714