CVE-2008-1281

Argon Technology CMS <1.31 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1281. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Argon Client Management Services' TFTP Boot Server, allowing remote attackers to download arbitrary files from the server's disk. The PoC uses a custom tool (tftpx) to exploit the flaw by sending crafted TFTP requests with directory traversal sequences.

Description

Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/5230

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Argon Client Management Services' TFTP Boot Server, allowing remote attackers to download arbitrary files from the server's disk. The PoC uses a custom tool (tftpx) to exploit the flaw by sending crafted TFTP requests with directory traversal sequences.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Argon Client Management Services <= 1.31 (TFTP Boot Server <= 2.5.3.1)

No auth needed

Prerequisites: Network access to the TFTP Boot Server

MITRE ATT&CK