Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability

Summary
The host is running Avaya IP Office Manager TFTP Server and is prone to directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to read arbitrary files on the affected application. Impact Level: Application
Solution
Apply the patch from below link, http://support.avaya.com/css/P8/documents/100141179
Insight
The flaw is due to an error while handling certain requests containing 'dot dot' sequences (..), which can be exploited to download arbitrary files from the host system.
Affected
Avaya IP Office Manager TFTP Server Version 8.1 and prior.
References