CVE-2009-3115

2009-09-0922:30:00

CWE-20

[email protected]

web.nvd.nist.gov

solarwinds

tftp server

9.2.0.111

denial of service

dos

crafted oack request

cve-2009-3115

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.032 Low

EPSS

Percentile

91.3%

JSON

SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

solarwindstftp_serverRange≤9.2.0.111

solarwindstftp_serverMatch5.0.55standard

solarwindstftp_serverMatch5.0.60standard

solarwindstftp_serverMatch8.1

solarwindstftp_serverMatch8.2

CPENameOperatorVersion
solarwinds:tftp_serversolarwinds tftp serverle9.2.0.111
solarwinds:tftp_serversolarwinds tftp servereq5.0.55
solarwinds:tftp_serversolarwinds tftp servereq5.0.60
solarwinds:tftp_serversolarwinds tftp servereq8.1
solarwinds:tftp_serversolarwinds tftp servereq8.2

CPE	Name	Operator	Version
solarwinds:tftp_server	solarwinds tftp server	le	9.2.0.111
solarwinds:tftp_server	solarwinds tftp server	eq	5.0.55
solarwinds:tftp_server	solarwinds tftp server	eq	5.0.60
solarwinds:tftp_server	solarwinds tftp server	eq	8.1
solarwinds:tftp_server	solarwinds tftp server	eq	8.2