HP Ignite-UX TFTP File Upload Vulnerability

HP Ignite-UX TFTP File Upload Vulnerability

During installation, Ignite-UX can use a TFTP server for remote access. Under certain circumstances, parts of the server path can be made world writable. This occurs if the add_new_client command is issued. Remote TFTP clients may be able to then write data to parts of the file system anonymously.