Rule Category

PROTOCOL-TFTP -- Snort has detected traffic that may indicate the presence of the tftp protocol or vulnerabilities in the tftp protocol on the network.

Alert Message

PROTOCOL-TFTP parent directory

Rule Explanation

Linux implementations of TFTP would allow access to files outside the restricted directory. Impact: CVSS base score 6.4 CVSS impact score 4.9 CVSS exploitability score 10.0 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE Additional Information

CVE-1999-0183
Linux implementations of TFTP would allow access to files outside the restricted directory.
Details
SeverityMEDIUM Base Score6.4
Impact Score4.9 Exploit Score10.0
Confidentiality ImpactPARTIAL Integrity ImpactPARTIAL
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access
CVE-2002-1209
Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.
Details
SeverityMEDIUM Base Score5.0
Impact Score2.9 Exploit Score10.0
Confidentiality ImpactPARTIAL Integrity ImpactNONE
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access
CVE-2011-4722
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
Details
SeverityHIGH Base Score7.8
Impact Score6.9 Exploit Score10.0
Confidentiality ImpactCOMPLETE Integrity ImpactNONE
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access