TFTP: Windows Deployment Services TFTP Server Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Windows TFTP Deployment Service. A successful attack can lead to remote code execution.

Extended Description

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory, aka "Windows Deployment Services TFTP Server Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10 Servers.

Affected Products

Microsoft windows_server_2008

References

BugTraq: 105774

CVE: CVE-2018-8476

Short Name
TFTP:REQUEST:CVE-2018-8476-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
TFTP
Keywords
CVE-2018-8476 Code Deployment Execution Remote Server Services TFTP Windows bid:105774
Release Date
11/13/2018
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Microsoft

CVSS Score

10.0

Found a potential security threat?