Cisco IOS Secure Copy Authorization Bypass Vulnerability

high Nessus Plugin ID 49009

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.
The IOS Secure Copy Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS Secure Copy Server service are not affected by this vulnerability.
This vulnerability does not apply to the IOS Secure Copy Client feature.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20070808-scp.

See Also

http://www.nessus.org/u?6281a98b

http://www.nessus.org/u?fde51b32

Plugin Details

Severity: High

ID: 49009

File Name: cisco-sa-20070808-scphttp.nasl

Version: 1.17

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 8/8/2007

Vulnerability Publication Date: 8/8/2007

Reference Information

CVE: CVE-2007-4263

BID: 25240

CISCO-SA: cisco-sa-20070808-scp

CISCO-BUG-ID: CSCsc19259