Executive Summary

Summary
Title: Multiple Vulnerabilities in the IOS FTP Server
Information
Name: cisco-sa-20070509-iosftp
First vendor publication: 2007-03-23
Vendor: Cisco
Last vendor modification: 2008-04-25
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5036
 
Oval ID: oval:org.mitre.oval:def:5036
Title: Cisco IOS FTP Server Authentication Bypass Vulnerability
Description: The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
Family: ios Class: vulnerability
Reference(s): CVE-2007-2586
Version: 2
Platform(s): Cisco IOS
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5444
 
Oval ID: oval:org.mitre.oval:def:5444
Title: Cisco IOS File Transfer DoS Vulnerability
Description: The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote authenticated users to cause a denial of service (IOS reload) via unspecified vectors involving transferring files (aka bug ID CSCse29244).
Family: ios Class: vulnerability
Reference(s): CVE-2007-2587
Version: 1
Platform(s): Cisco IOS
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Hardware 286
Os 5345

ExploitDB Exploits

id Description
2008-07-29 Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)

OpenVAS Exploits

Date Description
2008-08-22 Name : Cisco IOS FTP Server Authentication Bypass Vulnerability
File : nvt/cisco_ios_ftp_server_auth_bypass.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
35335 Cisco IOS FTP Server Unspecified File Transfer DoS

IOS contains a flaw that may allow a remote denial of service. The issue is triggered when repeated exploitation of unspecified flaws in the FTP server occurs, and will result in loss of availability for the platform.

35334 Cisco IOS FTP Server User Credential Handling Remote Overflow

IOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an unspecified condition in the FTP server which allows a remote attacker to download a copy of the startup-config file, which will disclose configuration information resulting in a loss of confidentiality.

Snort® IPS/IDS

Date Description
2018-10-17 Multiple Products FTP MKD buffer overflow attempt
RuleID : 23055-community - Revision : 10 - Type : PROTOCOL-FTP
2014-01-10 Multiple Products FTP MKD buffer overflow attempt
RuleID : 23055 - Revision : 10 - Type : PROTOCOL-FTP

Nessus® Vulnerability Scanner

Date Description
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20070509-iosftphttp.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 10:21:51
  • Multiple Updates
2013-12-14 21:19:28
  • Multiple Updates