CVE Vulnerability

CVE-2008-1410

Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://aluigi.altervista.org/adv/acropxe-adv.txt Exploit
http://www.securityfocus.com/bid/28182 Exploit
http://secunia.com/advisories/29305 Vendor Advisory
http://securityreason.com/securityalert/3758
http://www.vupen.com/english/advisories/2008/0814/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41074
https://www.exploit-db.com/exploits/5228
http://www.securityfocus.com/archive/1/489358/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:acronis:snap_deploy:2.0.0.1076:*:*:*:*:*:*:*
Information

Published : 2008-03-20 10:44

Updated : 2018-10-11 08:33

NVD link : CVE-2008-1410

Mitre link : CVE-2008-1410

Products Affected
No products.
CWE
CWE-22