02/02/2022

IP Security – TFTP – Trivial File Transfer Protocol – Port 69

TFTP is a simple protocol for transferring files, implemented on top of the UDP/IP protocols using well-known port number 69. TFTP was designed to be small and easy to implement, and therefore it lacks most of the advanced features offered by more robust file transfer protocols.

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP Port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/password or /proc/version

Recommended Actions

An open TFTP vulnerability can be resolved by configuring your firewall to block UDP port 69.

It is worth noting that blocking this port will only stop traffic over this port leaving or entering your network. Services on your LAN that use this port should continue to work as normal.

Reference Material

CVE.mitre.org is also another useful site and by searching their “CVE list” and typing in the Vulnerability they can help identify and mitigate the issue:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24990

https://cve.mitre.org/

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners