Cisco TFTP Server Long Filename DoS (CSCdy03429)

This script is (C) 2002-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Trivial File Transfer Protocol (TFTP) is a protocol which allows for
easy transfer of files between network connected devices.

A vulnerability has been discovered in the processing of filenames
within a TFTP read request when Cisco IOS is configured to act as a
TFTP server.

This vulnerability is documented as Cisco Bug ID CSCdy03429.

Solution :

http://www.nessus.org/u?1212ca9e

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:W/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 11056 (CSCdy03429.nasl)

Bugtraq ID: 5328

CVE ID: CVE-2002-0813