TFTP Traversal Arbitrary File Access

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote TFTP server can be used to read arbitrary files on the
remote host.

Description :

The TFTP (Trivial File Transfer Protocol) server running on the remote
host is vulnerable to a directory traversal attack that allows an
attacker to read arbitrary files on the remote host by prepending
their names with directory traversal sequences.

Solution :

Disable the remote TFTP daemon, run it in a chrooted environment, or
filter incoming traffic to this port.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.9
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now