We have an install of CiscoWorks LMS 3.0.1 and during a recent security audit it was flagged for making the host server susceptible to directory traversal attacks via CiscoWorks' TFTP service. CiscoWorks uses TFTP to pull configs and to push IOS images, but the problem is that any host with connectivity to the CiscoWorks server can use TFTP to access the host server and navigate to any file on the server. For example, we tried "TFTP get [host IP] .../.../.../.../.../boot.ini" and were able to copy the boot.ini to our local PC. This is known as a directory traversal attack or a dot-dot-slash attack. So does anyone know a way to limit the TFTP service to one file or one directory on the CiscoWorks server, or to limit the TFTP access to specific hosts? We'd already considered ACLs, by the way, but we were hoping to find a fix within CiscoWorks itself.
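The two controls asked about above (confining requests to one directory and limiting which hosts may connect), sketched as the checks a TFTP server would run before opening a file. This is an added example, not part of the original post and not CiscoWorks code; the root `C:\tftpboot`, the `10.20.0.0/24` range and all function names are assumptions made for illustration.

```python
import ipaddress
import ntpath  # Windows path rules, importable on any OS so this runs offline

TFTP_ROOT = r"C:\tftpboot"                                # assumed served directory
ALLOWED_CLIENTS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed range

class Rejected(ValueError): pass  # request refused before any file is opened

def client_allowed(client_ip, networks=ALLOWED_CLIENTS):
    """True only if the requesting host is in an allowlisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

def resolve_tftp_path(requested, root=TFTP_ROOT):
    """Map the filename from a TFTP read/write request onto a path under root."""
    if not requested or "\x00" in requested:
        raise Rejected("empty name or embedded NUL")
    unified = requested.replace("/", "\\")      # Windows accepts both separators
    drive, rest = ntpath.splitdrive(unified)
    if drive or rest.startswith("\\"):
        raise Rejected("absolute, drive-qualified or UNC path")
    parts = [p for p in rest.split("\\") if p]
    for part in parts:
        if set(part) <= {".", " "}:             # ".", "..", "..." and variants
            raise Rejected("dot-only path component")
        if ":" in part:                         # stream or device syntax
            raise Rejected("colon in path component")
    root_norm = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_norm, *parts))
    # Defence in depth: the normalised result must still sit under the root.
    if ntpath.commonpath([root_norm, candidate]).lower() != root_norm.lower():
        raise Rejected("resolves outside served directory")
    return candidate

def handle_request(client_ip, requested):
    """Return the confined path to serve, or raise Rejected."""
    if not client_allowed(client_ip):
        raise Rejected("client not allowlisted")
    return resolve_tftp_path(requested)

if __name__ == "__main__":
    # Constructed requests, including the file name quoted in the post.
    samples = [("10.20.0.5", "configs/rtr1.cfg"), ("192.0.2.9", "configs/rtr1.cfg"),
               ("10.20.0.5", ".../.../.../.../.../boot.ini")]
    for ip, name in samples:
        try:
            print(ip, name, "->", handle_request(ip, name))
        except Rejected as why:
            print(ip, name, "-> refused:", why)
```

On a live server the candidate path should also be resolved against the real file system (junctions and symbolic links) before it is opened, which this offline sketch does not do.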