Kiwi CatTools < 3.2.9 TFTP Server Traversal Arbitrary File Manipulation

This script is Copyright (C) 2007-2015 Ferdy Riphagen

Synopsis :

The remote TFTP server is affected by a directory traversal

Description :

The remote host appears to be running Kiwi CatTools, a freeware
application for device configuration management.

The TFTP server included with the version of Kiwi CatTools installed
on the remote host fails to sanitize filenames of directory traversal
sequences. An attacker can exploit this issue to get or put arbitrary
files on the affected host subject to the privileges of the user id
under which the server operates, LOCAL SYSTEM by default.

See also :

Solution :

Upgrade to Kiwi CatTools version 3.2.9 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 24747 (kiwi_cattools_tftpd_dir_traversal.nasl)

Bugtraq ID: 22490

CVE ID: CVE-2007-0888

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now