PatchSiren

PatchSiren cyber security CVE debrief

CVE-2020-37250 TFTP Broadband CVE debrief

CVE-2020-37250 is a high-severity unquoted service path vulnerability in TFTP Broadband 4.3.0.1465. The tftpt.exe service binary is registered with a service path that is not quoted, allowing local attackers to execute arbitrary code with system privileges by placing a malicious executable in the Program Files directory. This vulnerability has a CVSS score of 8.5 and is considered high priority for defenders.

Vendor: TFTP Broadband
Product: TFTP Broadband
CVSS: HIGH 8.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-19
Original CVE updated: 2026-06-22
Advisory published: 2026-06-19
Advisory updated: 2026-06-22

Who should care

Defenders responsible for systems using TFTP Broadband 4.3.0.1465 should prioritize patching or mitigating this vulnerability. Local attackers could exploit this vulnerability to gain system privileges, potentially leading to unauthorized access, data breaches, or lateral movement within the network.

Technical summary

The vulnerability exists in the tftpt.exe service binary of TFTP Broadband 4.3.0.1465. An unquoted service path allows an attacker to execute arbitrary code with LocalSystem privileges by placing a malicious executable in a directory along the service path. The CVSS:4.0 vector is AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

High priority: although the attack vector is local, successful exploitation gives the attacker privilege escalation to system level.

Recommended defensive actions

  • Apply the vendor's official patch or update for TFTP Broadband 4.3.0.1465
  • If patching is not feasible, consider using a compensating control such as restricting write access to the Program Files directory
  • Monitor system logs for suspicious activity related to the tftpt.exe service
  • Inventory systems using TFTP Broadband 4.3.0.1465 and prioritize patching
  • Review and enforce secure coding practices for service path handling in other applications
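As an added defender-side check that is not part of this debrief, the following PowerShell audit enumerates services whose ImagePath is unquoted and contains spaces (the defect class described above), calls out tftpt.exe if it appears, and shows how to remediate by quoting the path. The service name passed to the remediation function is host-specific and assumed; the CVE record gives no service name.

```powershell
# Added example (not from the advisory): audit services for unquoted ImagePath
# values containing spaces, the defect class this CVE describes. Run elevated.
function Get-UnquotedServicePath {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object {
            $p = $_.PathName
            # Skip empty paths, paths already quoted, and paths without spaces
            $p -and -not $p.StartsWith('"') -and $p -match '\s'
        } |
        ForEach-Object {
            # Executable portion: everything up to and including the first ".exe"
            $exe = ($_.PathName -split '\.exe')[0] + '.exe'
            [PSCustomObject]@{
                Name       = $_.Name
                StartName  = $_.StartName   # LocalSystem is the high-impact case
                PathName   = $_.PathName
                Executable = $exe
                # A space inside the executable path is what makes lookup ambiguous
                Vulnerable = ($exe -match '\s')
            }
        }
}

# Remediation: wrap the executable part of the path in quotes in the registry
# ImagePath value, the persistent setting the Service Control Manager reads.
function Set-QuotedServicePath {
    param([Parameter(Mandatory)][string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found" }
    if ($svc.PathName.StartsWith('"')) { return "Already quoted: $($svc.PathName)" }
    $exe  = ($svc.PathName -split '\.exe')[0] + '.exe'
    $rest = $svc.PathName.Substring($exe.Length)   # any arguments after the binary
    $new  = '"' + $exe + '"' + $rest
    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" `
        -Name ImagePath -Value $new
    return "ImagePath set to: $new"
}

# Report all findings, and call out the advisory's binary explicitly
$findings = Get-UnquotedServicePath | Where-Object { $_.Vulnerable }
$findings | Format-Table Name, StartName, PathName -AutoSize
$findings | Where-Object { $_.Executable -like '*\tftpt.exe' } | ForEach-Object {
    Write-Warning "tftpt.exe service '$($_.Name)' has an unquoted path: $($_.PathName)"
    # Service name is host-specific; fix with: Set-QuotedServicePath -Name $_.Name
}
```

Quoting the path in the registry is a compensating control until the vendor update is applied; restart the service afterwards so the Service Control Manager picks up the corrected ImagePath.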

Evidence notes

The primary evidence for this vulnerability comes from the CVE record and NVD detail pages. The vulnerability affects TFTP Broadband version 4.3.0.1465. Defenders should verify the version and service status on their systems. The exploitability of this vulnerability is limited to local attackers.

Official resources

This article is AI-assisted and based on the supplied source corpus.