Summary
The remote host has a TFTP server installed that is serving one or more sensitive Cisco IOS Certificate Authority (CA) files.
Solution
If it is not required, disable the TFTP server. Otherwise restrict access to trusted sources only.
Insight
These files potentially include the private key for the CA so should be considered extremely sensitive and should not be exposed to unnecessary scrutiny.
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Adobe Flex SDK 'SWF' Files Cross-Site Scripting Vulnerability (Windows)
- Apple Mac OS X Authentication Bypass Vulnerability
- Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
- AVG Anti-Virus 'hcp://' Protocol Handler Remote Code Execution Vulnerability