CVE-2007-2586
HIGH severity · CVSS 9.3 · Incorrect authorization
9.3CVSS HIGH
Summary
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)14%
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://seclists.org/bugtraq/2009/Jan/0183.htmlAdvisory
- http://secunia.com/advisories/25199Advisory
- http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
- http://www.osvdb.org/35334
- http://www.securityfocus.com/archive/1/494868Advisory
- http://www.securitytracker.com/id?1018030Advisory
- http://www.exploit-db.com/exploits/6155Advisory
- http://www.securityfocus.com/bid/23885Advisory