TFTP Traversal Arbitrary File Access

Medium Nessus Plugin ID 18262


Synopsis

The remote TFTP server can be used to read arbitrary files on the remote host.

Description

The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prefixing the requested file names with directory traversal sequences.

Solution

Disable the remote TFTP daemon, run it in a chrooted environment, or filter incoming traffic to this port.
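The weakness described here is a TFTP daemon that takes the file name from a Read Request verbatim and opens it relative to its serving directory, so a name containing traversal sequences walks out of that directory. The following is an added example (not part of this plugin or of Tenable's code) showing the defender-side check a TFTP server or a traffic inspector should apply: it parses an RFC 1350 RRQ packet, normalises the requested name, and refuses anything that would resolve outside the configured root. The root path `/srv/tftp`, the `build_rrq` helper and the sample file names are constructed for the example; only the packet layout comes from RFC 1350.

```python
import posixpath
import struct

RRQ = 1  # TFTP opcode for a Read Request (RFC 1350)


def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Build a TFTP RRQ: opcode(2) | filename | NUL | mode | NUL.
    Constructed helper so the example has packets to inspect offline."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def parse_rrq(packet: bytes):
    """Parse a TFTP RRQ and return (filename, mode); raise on malformed input."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode != RRQ:
        raise ValueError(f"not an RRQ (opcode {opcode})")
    # Both fields are NUL-terminated, so a well-formed body splits into
    # [filename, mode, ""]; anything shorter is missing a terminator.
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3:
        raise ValueError("malformed RRQ: missing NUL terminator")
    filename = fields[0].decode("ascii")
    mode = fields[1].decode("ascii").lower()
    if mode not in ("netascii", "octet", "mail"):
        raise ValueError(f"unknown transfer mode {mode!r}")
    return filename, mode


def confine_to_root(root: str, filename: str):
    """Return the absolute path to serve, or None if the name escapes root.

    This is the check a traversal-safe daemon performs; a chroot gives the
    same guarantee at the OS level even if this check is missing."""
    root = posixpath.normpath(root)
    # Treat backslashes as separators too: several TFTP daemons run on
    # Windows and honour them, so "..\\.." must not slip past the check.
    candidate = filename.replace("\\", "/").lstrip("/")
    if not candidate:
        return None  # an empty name would resolve to the root directory itself
    full = posixpath.normpath(posixpath.join(root, candidate))
    # After normalisation the path must still sit strictly below root.
    if not full.startswith(root + "/"):
        return None
    return full


def check_request(packet: bytes, root: str = "/srv/tftp"):
    """Classify a request: ("serve", path) or ("reject", reason)."""
    try:
        filename, _mode = parse_rrq(packet)
    except (ValueError, UnicodeDecodeError) as exc:
        return ("reject", f"malformed: {exc}")
    path = confine_to_root(root, filename)
    if path is None:
        return ("reject", f"traversal outside {root}: {filename!r}")
    return ("serve", path)


if __name__ == "__main__":
    # Constructed sample requests: one legitimate PXE boot fetch and the
    # traversal shapes a scanner such as this plugin probes for.
    for name in ("boot/pxelinux.0", "../../etc/passwd",
                 "..\\..\\windows\\win.ini", "/etc/passwd", ""):
        print(f"{name!r:30} -> {check_request(build_rrq(name))}")
```

The check normalises before comparing: a prefix test on the raw string would accept `boot/../../etc/passwd`, and a simple `..` substring filter would wrongly reject a harmless `a/../b`. Leading slashes are stripped rather than rejected, so an absolute name is served from inside the root instead of from the host's filesystem.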

Plugin Details

Severity: Medium

ID: 18262

File Name: tftpd_dir_trav.nasl

Version: $Revision: 1.50 $

Type: remote

Family: Misc.

Published: 2005/05/16

Modified: 2016/11/23

Dependencies: 11936, 11819

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

Required KB Items: Services/udp/tftp

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 1986/04/19

Exploitable With

CANVAS (D2ExploitPack)

Metasploit (Distinct TFTP 3.10 Writable Directory Traversal Execution)

Reference Information

CVE: CVE-1999-0183, CVE-1999-0498, CVE-2002-2353, CVE-2009-0271, CVE-2009-0288, CVE-2009-1161

BID: 6198, 11582, 11584, 33287, 33344, 35040, 42907, 48272, 50441, 52938

OSVDB: 8069, 11221, 11297, 11349, 51404, 51487, 54616, 57701, 76743, 80984

EDB-ID: 14857, 17507, 18718

CWE: 22, 264