Cisco IOS Secure Copy Security Bypass Vulnerability

Bugtraq ID:	25240
Class:	Access Validation Error
CVE:	CVE-2007-4263
Remote:	Yes
Local:	No
Published:	Aug 08 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Vijay Sarvepalli is credited with discovering this issue.
Vulnerable:	Cisco IOS 12.2SXF Cisco IOS 12.2SXE Cisco IOS 12.2SXD Cisco IOS 12.2IXD Cisco IOS 12.2IXC Cisco IOS 12.2IXB Cisco IOS 12.2IXA Cisco IOS 12.2 ZU
Not Vulnerable:

Cisco IOS Secure Copy Security Bypass Vulnerability

Cisco IOS secure copy server is prone to a remote security-bypass vulnerability because the application fails to properly validate user privileges during a secure copy.

Exploiting this issue allows remote attackers to retrieve, write, or overwrite arbitrary files on the device's filesystem, including configuration and password files. Successful exploits will result in a complete compromise of affected devices.

This issue affects Cisco 12.2-based IOS with the secure copy server feature enabled. This feature is not enabled by default.

This issue is being tracked by Cisco Bug ID CSCsc19259.

Cisco IOS Secure Copy Security Bypass Vulnerability

Attackers can use a secure copy (SCP) client to exploit this issue.

Cisco IOS Secure Copy Security Bypass Vulnerability

Solution:
Cisco has released an advisory along with fixes to address this issue. Please see the referenced advisory for information on obtaining and applying fixes.

Cisco IOS Secure Copy Security Bypass Vulnerability

References:

• Cisco IOS Homepage (Cisco Systems)
  
• Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerabilit (CISCO)