Vulnerability Details : CVE-2008-1311
Public exploit exists!
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-1311
Probability of exploitation activity in the next 30 days: 60.63%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 %
Metasploit modules for CVE-2008-1311
- PacketTrap TFTP Server 2.2.5459.0 DoS
  Disclosure Date: 2008-10-29
  First seen: 2020-04-26
  Module: auxiliary/dos/windows/tftp/pt360_write
  The PacketTrap TFTP server version 2.2.5459.0 can be brought down by sending a special write request.
  Authors: kris katterjohn <katterjohn@gmail.com>
CVSS scores for CVE-2008-1311
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2008-1311
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1311
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41073
- http://aluigi.org/testz/tftpx.zip (Exploit)
- http://www.securityfocus.com/bid/28187 (Exploit)
- http://www.securityfocus.com/archive/1/489355/100/0/threaded
- http://www.vupen.com/english/advisories/2008/0811/references
- http://securityreason.com/securityalert/3734
- http://aluigi.altervista.org/adv/packettrash-adv.txt
Products affected by CVE-2008-1311
- cpe:2.3:a:packettrap:pt360_tool_suite_pro:*:*:*:*:*:*:*:*