Cisco IOS Secure Copy (SCP) Lets All Remote Authenticated Users Transfer Files
SecurityTracker Alert ID: 1018534
SecurityTracker URL: http://securitytracker.com/id?1018534
CVE Reference: CVE-2007-4263
Updated: Aug 9 2007
Original Entry Date: Aug 8 2007
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Cisco Security Advisory
Version(s): certain 12.2-based releases
Description: A vulnerability was reported in Cisco IOS. A remote authenticated user can transfer files, regardless of their privilege level.
A remote authenticated user can use Secure Copy (scp) to transfer files to and from arbitrary locations on the target device (when the device is configured to be a Secure Copy server). The user can exploit this to retrieve the configuration file, which may contain potentially sensitive information.
Certain 12.2-based IOS releases are affected.
Cisco has assigned Cisco Bug ID CSCsc19259 to this vulnerability.
Vijay Sarvepalli from University of North Carolina at Greensboro discovered this vulnerability.
Impact: A remote authenticated user can transfer arbitrary files to and from the target device.
Solution: The vendor has issued fixed versions. A patch matrix is available in the Cisco advisory.
The Cisco advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml
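A triage check for the exposure condition in the description above, as an added example that is not part of the SecurityTracker alert or the Cisco advisory: it parses a saved running-config and reports whether the SCP server is enabled on a 12.2-based release and which local accounts sit below privilege level 15. The sample config, function name and result keys are constructed for illustration; the exact affected releases come from the Cisco patch matrix, and accounts defined on an AAA server are not visible to this check.

```python
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
version 12.2
hostname lab-sw1
username admin privilege 15 secret 5 <redacted>
username noc privilege 5 secret 5 <redacted>
username guest secret 5 <redacted>
ip ssh version 2
ip scp server enable
"""

def audit_scp_exposure(config: str) -> dict:
    """Flag configs that match the alert: SCP server on a 12.2-based release."""
    version = None
    scp_server = False
    low_priv_users = []
    for raw in config.splitlines():
        line = raw.strip()
        ver = re.match(r"version\s+(\S+)", line)
        user = re.match(r"username\s+(\S+)(.*)", line)
        if ver:
            version = ver.group(1)
        elif line == "ip scp server enable":
            scp_server = True
        elif user:
            name, rest = user.groups()
            # Only look for the privilege keyword ahead of the credential.
            head = re.split(r"\s(?:password|secret)\s", rest)[0]
            priv = re.search(r"\bprivilege\s+(\d+)", head)
            level = int(priv.group(1)) if priv else 1  # IOS default level is 1
            if level < 15:
                low_priv_users.append((name, level))
    is_12_2 = bool(version) and version.startswith("12.2")
    return {
        "version": version,
        "scp_server": scp_server,
        "release_12_2_based": is_12_2,
        # Accounts that could transfer files on an affected release.
        "low_priv_users": low_priv_users,
        # True means: compare the exact release against the Cisco patch matrix.
        "needs_review": scp_server and is_12_2,
    }

if __name__ == "__main__":
    for key, value in audit_scp_exposure(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```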
Vendor URL: www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml
Cause: Access control error
Message History:
None.
Source Message Contents
Date: Wed, 8 Aug 2007 13:12:58 -0400
Subject: Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml