CVE-2007-2586
N/A
N/A
Summary
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
- http://www.securityfocus.com/archive/1/494868
- http://www.vupen.com/english/advisories/2007/1749
- http://secunia.com/advisories/25199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34197
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5036
- http://www.securitytracker.com/id?1018030
- http://www.securityfocus.com/bid/23885
- http://seclists.org/bugtraq/2009/Jan/0183.html
- http://www.exploit-db.com/exploits/6155
- http://www.osvdb.org/35334
References
- http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
- http://www.securityfocus.com/archive/1/494868
- http://www.vupen.com/english/advisories/2007/1749
- http://secunia.com/advisories/25199
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34197
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5036
- http://www.securitytracker.com/id?1018030
- http://www.securityfocus.com/bid/23885
- http://seclists.org/bugtraq/2009/Jan/0183.html
- http://www.exploit-db.com/exploits/6155
- http://www.osvdb.org/35334
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.