Cisco IOS TFTP File Disclosure

Medium Nessus Plugin ID 17342


The remote TFTP daemon is serving potentially sensitive content.


The remote host has a TFTP server installed that is serving one or more Cisco IOS files. These files may contain passwords and other sensitive information. A remote attacker could use this information to mount further attacks.


Disable the TFTP service if it is not being used. Otherwise, restrict access to trusted sources only.

Plugin Details

Severity: Medium

ID: 17342

File Name: tftp_files_cisco_ios.nasl

Version: $Revision: 1.11 $

Type: remote

Family: Misc.

Published: 2005/03/16

Modified: 2012/09/24

Dependencies: 11819, 18263

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: Services/udp/tftp

Excluded KB Items: tftp/backdoor