Executive Summary
Summary | |
---|---|
Title | Cisco IOS Secure Copy Authorization Bypass Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20070808-scp | First vendor Publication | 2007-07-02 |
Vendor | Cisco | Last vendor Modification | 2007-08-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. |
Original Source
Url : http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5542 | |||
Oval ID: | oval:org.mitre.oval:def:5542 | ||
Title: | Cisco IOS 12.2 Secure Copy Security Bypass Vulnerability | ||
Description: | Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2007-4263 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36694 | Cisco IOS Secure Copy (SCP) Unspecified Remote File Manipulation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-scphttp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 10:21:52 |
|