CVE-2017-9024
published 2017-05-21CVE-2017-9024: Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server…
PriorityP261high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
12.20%
95.7th percentile
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| secure-bytes | secure_cisco_auditor | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandTFTP Read Request with directory traversal: \x00\x01 + '../../../../Windows/system.ini'\x00 + 'netascii'\x00↗
bytes↗
\x00\x01 (TFTP Read Request opcode)
- →Detect TFTP Read Request (opcode 0x0001) packets on UDP/69 containing '../' or '..\' sequences in the filename field, indicative of directory traversal attempts against Secure Auditor's TFTP server. ↗
- →Monitor UDP/69 traffic for TFTP RRQ packets where the filename field contains the pattern '../../../../Windows/system.ini' as used in the public PoC exploit. ↗
- →Alert on TFTP RRQ packets using 'netascii' transfer mode combined with path traversal sequences, matching the exact PoC payload structure: \x00\x01 + traversal path + \x00 + 'netascii' + \x00. ↗
- ·The TFTP server embedded in Secure Bytes Cisco Configuration Manager (bundled with Secure Cisco Auditor 3.0) does not sanitize pathname inputs, making it exploitable remotely without authentication over UDP/69. ↗
- ·The vulnerability is remotely exploitable with no authentication required; any host able to reach UDP port 69 on the target can read arbitrary files from the filesystem. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2017-05-21
Published