PT-2008-2873 · Argon Technology · Argon Technology Client Management Services+1

Luigi Auriemma

Published

2008-03-10

Updated

2018-10-11

CVE-2008-1281

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Argon Technology Client Management Services (CMS) versions 1.31 and earlier TFTPsrvs.exe versions 2.5.3.1 and earlier

Description A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in the filename parameter.

Recommendations For Argon Technology Client Management Services (CMS) versions 1.31 and earlier, update to a version later than 1.31. For TFTPsrvs.exe versions 2.5.3.1 and earlier, update to a version later than 2.5.3.1. As a temporary workaround, consider restricting access to the filename parameter to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-1281

Affected Products

Argon Technology Client Management Services

Tftpsrvs.Exe

PT-2008-2873 · Argon Technology · Argon Technology Client Management Services+1

CVE-2008-1281

Weakness Enumeration

Related Identifiers

Affected Products

References · 8