CVE-2007-2586

Vulnerability Description

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://seclists.org/bugtraq/2009/Jan/0183.htmlIssue TrackingMailing ListThird Party Advisory
• http://secunia.com/advisories/25199Not ApplicableThird Party Advisory
• http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.sNot Applicable
• http://www.exploit-db.com/exploits/6155ExploitThird Party AdvisoryVDB Entry
• http://www.osvdb.org/35334Broken Link
• http://www.securityfocus.com/archive/1/494868Broken LinkThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/bid/23885Broken LinkExploitThird Party Advisory
• http://www.securitytracker.com/id?1018030Broken LinkThird Party AdvisoryVDB Entry
• http://www.vupen.com/english/advisories/2007/1749Permissions RequiredThird Party Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34197Third Party AdvisoryVDB Entry
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken LinkThird Party Advisory
• http://seclists.org/bugtraq/2009/Jan/0183.htmlIssue TrackingMailing ListThird Party Advisory
• http://secunia.com/advisories/25199Not ApplicableThird Party Advisory
• http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.sNot Applicable
• http://www.exploit-db.com/exploits/6155ExploitThird Party AdvisoryVDB Entry