New Search

Cisco IOS FTP Server Authentication Bypass Vulnerability

oval:org.mitre.oval:def:5036

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization which allows remote attackers to execute arbitrary code and have other impact including reading startup-config as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer aka bug ID CSCek55259.

Family:
ios
Status:
ACCEPTED
Platform(s):
  • Cisco IOS
Class:
vulnerability
Reference(s):
  • CVE-2007-2586
Product(s):