PT-2020-16304 · Multithreaded Studios · Open Tftp Server
Published: 2020-10-28 · Updated: 2023-02-27 · CVE-2020-26130
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open TFTP Server multithreaded version 1.66
Open TFTP Server single port version 1.66
Description
The default installation directory of Open TFTP Server has insufficient access restrictions, which allows an attacker to elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.
Recommendations
For Open TFTP Server multithreaded version 1.66, restrict access to the installation directory to prevent unauthorized modifications to the OpenTFTPServerMT.exe binary.
For Open TFTP Server single port version 1.66, restrict access to the installation directory to prevent unauthorized modifications to the OpenTFTPServerSP.exe binary.
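One way to check for the condition these recommendations address, as an added PowerShell example that is not from the advisory or the vendor: it lists ACL entries that grant write-type rights on the installation directory or either binary to principals outside a trusted set. The `$InstallDir` parameter (the advisory does not state the path), the trusted-SID list and the exit-code convention are assumptions.

```powershell
# Added example, not vendor code: list ACL entries that let a non-administrative
# principal modify the install directory or the two service binaries.
param(
    # Placeholder: the advisory does not give the install path; pass the real one.
    [Parameter(Mandatory)][string]$InstallDir
)

# Write-type rights only, so read/execute entries are not reported.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL as stored in raw ACEs

# Assumption: principals expected to hold write access on a service directory.
$trustedSids = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER (inherit-only placeholder)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Audit the directory itself plus whichever of the two binaries is present.
$targets = @($InstallDir) + @('OpenTFTPServerMT.exe', 'OpenTFTPServerSP.exe' |
    ForEach-Object { Join-Path $InstallDir $_ } |
    Where-Object { Test-Path -LiteralPath $_ })

$sidType = [System.Security.Principal.SecurityIdentifier]
$findings = foreach ($path in $targets) {
    $acl = Get-Acl -LiteralPath $path
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band [int]$writeMask) -or ($rights -band $genericWriteOrAll)) {
            [pscustomobject]@{
                Path      = $path
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so the check can gate a compliance job
```

Any row in the output is an entry to remove or narrow; an empty result means only the trusted principals can modify the directory and binaries.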
Exploit
Fix
Incorrect Permission
Affected Products
Open Tftp Server