Cisco TFTP Server Remote Denial of Service Vulnerability
BID:38968
Info
Cisco TFTP Server Remote Denial of Service Vulnerability
| Bugtraq ID: | 38968 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1174 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 25 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | _SuBz3r0_ |
| Vulnerable: |
Cisco TFTP Server 1.1 |
| Not Vulnerable: | |
Discussion
Cisco TFTP Server Remote Denial of Service Vulnerability
Cisco TFTP Server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
Cisco TFTP Server 1.1 is vulnerable.
NOTE: Cisco no longer supports this product.
Cisco TFTP Server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.
Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.
Cisco TFTP Server 1.1 is vulnerable.
NOTE: Cisco no longer supports this product.
Exploit / POC
Cisco TFTP Server Remote Denial of Service Vulnerability
The following proof-of-concept is available:
The following proof-of-concept is available:
Solution / Fix
Cisco TFTP Server Remote Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Cisco TFTP Server Remote Denial of Service Vulnerability
References:
References:
- TFTP Server Selection and Use (Cisco)