Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running Avaya IP Office Manager TFTP Server and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to read arbitrary files on the affected application. Impact Level: Application

Solution

Apply the patch from below link, http://support.avaya.com/css/P8/documents/100141179

Insight

The flaw is due to an error while handling certain requests containing 'dot dot' sequences (..), which can be exploited to download arbitrary files from the host system.

Affected

Avaya IP Office Manager TFTP Server Version 8.1 and prior.

References

http://support.avaya.com/css/P8/documents/100141179
http://www.exploit-db.com/exploits/17507
http://www.securityfocus.com/bid/48272

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability
IlohaMail Readable Configuration Files
LocalWeb2000 remote read
Check for Apache Multiple / vulnerability
AT TFTP Server Directory Traversal Vulnerability

Take action and discover your vulnerabilities