PT-2019-1536 · Cisco · Cisco Network Convergence System 1000 Series

Published: 2019-02-20 · Updated: 2023-03-24 · CVE-2019-1681

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Network Convergence System 1000 Series software versions prior to Release 6.5.2

Description

A vulnerability in the TFTP service could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The issue is due to improper validation of user-supplied input within TFTP requests. An attacker could exploit this by using directory traversal techniques in malicious requests sent to the TFTP service. This could allow the attacker to retrieve arbitrary files, resulting in the disclosure of sensitive information.

Recommendations

For Cisco Network Convergence System 1000 Series software versions prior to Release 6.5.2, update to Release 6.5.2 or later to resolve the issue. As a temporary workaround, consider disabling the TFTP service until a patch is available. Restrict access to the TFTP service to minimize the risk of exploitation. Avoid using directory traversal techniques in TFTP requests until the issue is resolved.
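
The description attributes the issue to improper validation of user-supplied input in TFTP requests. The following Python is an added example, not Cisco's code and not part of the original entry: it parses a read request (RRQ) as laid out in RFC 1350 and refuses any filename that resolves outside the served directory. The function names, the sample packets and the root directory are assumptions constructed for illustration.

```python
import os
import struct
import tempfile

OP_RRQ = 1  # read-request opcode (RFC 1350)

class RejectedRequest(Exception):
    """The request must be answered with a TFTP error, never with file data."""

def rrq(filename, mode="octet"):
    """Build a constructed sample RRQ: opcode | filename | 0 | mode | 0."""
    return struct.pack("!H", OP_RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"

def parse_rrq(packet):
    """Return (filename, mode) from an RRQ, rejecting malformed packets."""
    if len(packet) < 4:
        raise RejectedRequest("short packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode != OP_RRQ:
        raise RejectedRequest("not a read request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise RejectedRequest("malformed RRQ")
    try:
        return fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise RejectedRequest("non-ASCII field")

def resolve_under_root(root, filename):
    """Map the requested name to a path and prove it stays inside root."""
    root_real = os.path.realpath(root)
    # Strip leading separators so an absolute name cannot replace root in join().
    joined = os.path.join(root_real, filename.lstrip("/\\"))
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(joined)
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise RejectedRequest("path escapes TFTP root")
    return candidate

def handle(root, packet):
    """Validate one RRQ and return the only path the server may open."""
    filename, mode = parse_rrq(packet)
    if mode not in ("octet", "netascii"):
        raise RejectedRequest("unsupported mode")
    return resolve_under_root(root, filename)

if __name__ == "__main__":
    root = tempfile.mkdtemp()  # constructed stand-in for the served directory
    print(handle(root, rrq("configs/startup.cfg")))
```

The containment check runs on the fully resolved path, so a name that only looks harmless before normalisation is still rejected.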

Fix

Information Disclosure

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2019-01035
CVE-2019-1681

Affected Products

Cisco Network Convergence System 1000 Series