CVE-2008-1410
acronis pxe server 2.0.0.1076 - Directory Traversal / Null Pointer
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
Vulnerabilidad de salto de directorio en PXE Server (pxesrv.exe) de Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos leer ficheros de su elección mediante la utilización de secuencias de salto de directorio en el servicio TFTP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-19 CVE Reserved
- 2008-03-20 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3758 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/489358/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2008/0814/references | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41074 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/5228 | 2024-08-07 | |
| http://aluigi.altervista.org/adv/acropxe-adv.txt | 2024-08-07 | |
| http://www.securityfocus.com/bid/28182 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29305 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Acronis Search vendor "Acronis" | Snap Deploy Search vendor "Acronis" for product "Snap Deploy" | 2.0.0.1076 Search vendor "Acronis" for product "Snap Deploy" and version "2.0.0.1076" | - |
Affected
| ||||||