CVE-2020-26130

Published: Oct 28, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary.

Affected (2)

Products: Open Tftp Server Project: Open Tftp Server

Open Tftp Server Project

1 product

Open Tftp Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Open Tftp Server Project Open Tftp Server	Version 1.66
Open Tftp Server Project Open Tftp Server	Version 1.66

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26130.md

Source: cve@mitre.org

https://github.com/an0ry/advisories

Source: cve@mitre.org

ExploitThird Party Advisory

https://sourceforge.net/projects/tftp-server/

Source: cve@mitre.org

Product

https://github.com/OffensiveOceloot/advisories/blob/main/CVE-2020-26130.md

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/an0ry/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://sourceforge.net/projects/tftp-server/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.