Multiple Vulnerabilities in the IOS FTP Server

high Nessus Plugin ID 49003

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default.
Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
These vulnerabilities do not apply to the IOS FTP Client feature.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20070509-iosftp.

See Also

http://www.nessus.org/u?27890986

http://www.nessus.org/u?c83fc779

Plugin Details

Severity: High

ID: 49003

File Name: cisco-sa-20070509-iosftphttp.nasl

Version: 1.16

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2007

Vulnerability Publication Date: 5/9/2007

Reference Information

CVE: CVE-2007-2586, CVE-2007-2587

BID: 23885