Improper input validation in Solarwinds Tftp_server

CVE-2010-2115

SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a denial of service (no new connections) via a crafted read request.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.828 (99.3th percentile) — read the EPSS interpretation.

Affected products

Solarwinds Tftp_server — versions 10.4.0.10
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

rapid7/metasploit-framework

References

1024019 (vdb-entry, x_refsource_SECTRACK)
12683 (Exploit, exploit, x_refsource_EXPLOIT-DB)
39896 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
64845 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2010-2115?: CVE-2010-2115 is a vulnerability in Solarwinds Tftp_server, classified under Improper Input Validation. Published 2010-05-28.
Is CVE-2010-2115 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.