// For flags

CVE-2020-26130

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.

Se detectaron problemas en Open TFTP Server multiproceso versión 1.66 y Open TFTP Server single puerto versión 1.66. Debido a restricciones insuficientes de acceso en el directorio de instalación predeterminado, un atacante puede escalar privilegios al reemplazar el binario OpenTFTPServerMT.exe o OpenTFTPServerSP.exe

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-09-28 CVE Reserved
  • 2020-10-28 CVE Published
  • 2024-03-02 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Open Tftp Server Project
Search vendor "Open Tftp Server Project"
Open Tftp Server
Search vendor "Open Tftp Server Project" for product "Open Tftp Server"
1.66
Search vendor "Open Tftp Server Project" for product "Open Tftp Server" and version "1.66"
mt
Affected
Open Tftp Server Project
Search vendor "Open Tftp Server Project"
Open Tftp Server
Search vendor "Open Tftp Server Project" for product "Open Tftp Server"
1.66
Search vendor "Open Tftp Server Project" for product "Open Tftp Server" and version "1.66"
sp
Affected