Multiple Vulnerabilities in the IOS FTP Server

high Nessus Plugin ID 49003



The remote device is missing a vendor-supplied security patch.


The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default.
Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
These vulnerabilities do not apply to the IOS FTP Client feature.


Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20070509-iosftp.

See Also

Plugin Details

Severity: High

ID: 49003

File Name: cisco-sa-20070509-iosftphttp.nasl

Version: 1.16

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2007

Vulnerability Publication Date: 5/9/2007

Reference Information

CVE: CVE-2007-2586, CVE-2007-2587

BID: 23885