CVE-2008-1410

Acronis Snap Deploy <2.0.0.1076 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1410. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The document describes two vulnerabilities in Acronis PXE Server: a directory traversal flaw allowing arbitrary file downloads via TFTP, and a NULL pointer dereference causing a DoS. It includes technical details and proof-of-concept commands but no functional exploit code.

Description

Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/5228

View Code ZIP pw:eip

The document describes two vulnerabilities in Acronis PXE Server: a directory traversal flaw allowing arbitrary file downloads via TFTP, and a NULL pointer dereference causing a DoS. It includes technical details and proof-of-concept commands but no functional exploit code.

Classification

Writeup 95%

Attack Type

Info Leak | Dos

Complexity

Trivial

Reliability

Reliable

Target: Acronis PXE Server <= 2.0.0.1076

No auth needed

Prerequisites: Network access to UDP port 69

MITRE ATT&CK