Cisco IOS Secure Copy Authorization Bypass Vulnerability

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The server side of the Secure Copy (SCP) implementation in Cisco
Internetwork Operating System (IOS) contains a vulnerability that
allows any valid user, regardless of privilege level, to transfer files
to and from an IOS device that is configured to be a Secure Copy
server. This vulnerability could allow valid users to retrieve or write
to any file on the device's filesystem, including the device's saved
configuration. This configuration file may include passwords or other
sensitive information.
The IOS Secure Copy Server is an optional service that is disabled by
default. Devices that are not specifically configured to enable the IOS
Secure Copy Server service are not affected by this vulnerability.
This vulnerability does not apply to the IOS Secure Copy Client

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 8.5
CVSS Temporal Score : 7.0
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49009 (cisco-sa-20070808-scphttp.nasl)

Bugtraq ID: 25240

CVE ID: CVE-2007-4263

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now