ID CVE-2007-4263
Summary Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
References
Vulnerable Configurations
  • Cisco IOS 12.2
    cpe:2.3:o:cisco:ios:12.2
CVSS
Base: 8.5 (as of 09-08-2007 - 14:18)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family CISCO
NASL id CISCO-SA-20070808-SCPHTTP.NASL
description The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. The IOS Secure Copy Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS Secure Copy Server service are not affected by this vulnerability. This vulnerability does not apply to the IOS Secure Copy Client feature.
last seen 2019-02-21
modified 2018-11-15
plugin id 49009
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49009
title Cisco IOS Secure Copy Authorization Bypass Vulnerability
oval via4
accepted 2008-09-08T04:00:26.720-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
family ios
id oval:org.mitre.oval:def:5542
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS 12.2 Secure Copy Security Bypass Vulnerability
version 3
refmap via4
bid 25240
cisco 20070808 Cisco IOS Secure Copy Authorization Bypass Vulnerability
osvdb 36694
sectrack 1018534
secunia 26361
vupen ADV-2007-2817
xf cisco-ios-scp-file-overwrite(35872)
Last major update 07-03-2011 - 21:58
Published 08-08-2007 - 19:17
Last modified 28-09-2017 - 21:29
Back to Top