Executive Summary
| Summary | |
|---|---|
| Title | Cisco IOS Secure Copy Authorization Bypass Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20070808-scp | First vendor Publication | 2007-07-02 |
| Vendor | Cisco | Last vendor Modification | 2007-08-08 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 8.5 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. |
Original Source
| Url : http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:5542 | |||
| Oval ID: | oval:org.mitre.oval:def:5542 | ||
| Title: | Cisco IOS 12.2 Secure Copy Security Bypass Vulnerability | ||
| Description: | Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. | ||
| Family: | ios | Class: | vulnerability |
| Reference(s): | CVE-2007-4263 | Version: | 1 |
| Platform(s): | Cisco IOS | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 36694 | Cisco IOS Secure Copy (SCP) Unspecified Remote File Manipulation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20070808-scphttp.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 10:21:52 |
|
