Sign-up

ID

VAR-200708-0206


CVE

CVE-2007-4263


TITLE

Cisco IOS In SCP Problem of improperly checking user rights in implementation

Trust: 0.8

sources: JVNDB: JVNDB-2007-000583

DESCRIPTION

Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. Exploiting this issue allows remote attackers to retrieve, write, or overwrite arbitrary files on the device's filesystem, including configuration and password files. Successful exploits will result in a complete compromise of affected devices. This issue affects Cisco 12.2-based IOS with the secure copy server feature enabled. This feature is not enabled by default. This issue is being tracked by Cisco Bug ID CSCsc19259. Cisco IOS is the operating system used in Cisco networking equipment. This vulnerability does not allow authentication bypass; login credentials are required to be verified and access is only allowed if a valid username and password are provided. ---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Cisco IOS Secure Copy Security Bypass Vulnerability SECUNIA ADVISORY ID: SA26361 VERIFY ADVISORY: http://secunia.com/advisories/26361/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system REVISION: 1.1 originally posted 2007-08-09 OPERATING SYSTEM: Cisco IOS 12.x http://secunia.com/product/182/ Cisco IOS R12.x http://secunia.com/product/50/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions. configuration files containing passwords) from and to an IOS device without privilege levels being checked. Successful exploitation requires that the device is configured as a Secure Copy server (disabled by default). The vulnerability reportedly only affects certain 12.2-based IOS releases. SOLUTION: Apply updated versions (see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Vijay Sarvepalli, University of North Carolina CHANGELOG: 2007-08-09: Added CVE reference. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-4263 // JVNDB: JVNDB-2007-000583 // BID: 25240 // VULHUB: VHN-27625 // PACKETSTORM: 58402

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:12.2

Trust: 2.4

vendor:ciscomodel:ios 12.2sxfscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxescope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2sxdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ixdscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ixcscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ixbscope: - version: -

Trust: 0.3

vendor:ciscomodel:ios 12.2ixascope: - version: -

Trust: 0.3

vendor:ciscomodel:ios zuscope:eqversion:12.2

Trust: 0.3

sources: BID: 25240 // JVNDB: JVNDB-2007-000583 // CNNVD: CNNVD-200708-109 // NVD: CVE-2007-4263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-4263
value: HIGH

Trust: 1.0

NVD: CVE-2007-4263
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200708-109
value: HIGH

Trust: 0.6

VULHUB: VHN-27625
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-4263
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-27625
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-27625 // JVNDB: JVNDB-2007-000583 // CNNVD: CNNVD-200708-109 // NVD: CVE-2007-4263

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-109

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200708-109

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-000583

PATCH
title:cisco-sa-20070808-scpurl:http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-000583

EXTERNAL IDS
db:BIDid:25240
Trust: 2.8
db:NVDid:CVE-2007-4263
Trust: 2.8
db:SECUNIAid:26361
Trust: 2.6
db:OSVDBid:36694
Trust: 1.7
db:VUPENid:ADV-2007-2817
Trust: 1.7
db:SECTRACKid:1018534
Trust: 1.7
db:XFid:35872
Trust: 1.4
db:JVNDBid:JVNDB-2007-000583
Trust: 0.8
db:CNNVDid:CNNVD-200708-109
Trust: 0.7
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:5542
Trust: 0.6
db:CISCOid:20070808 CISCO IOS SECURE COPY AUTHORIZATION BYPASS VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-27625
Trust: 0.1
db:PACKETSTORMid:58402
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27625 // 
            
            
            
            BID: 25240 // 
            
            
            
            JVNDB: JVNDB-2007-000583 // 
            
            
            
            PACKETSTORM: 58402 // 
            
            
            
            CNNVD: CNNVD-200708-109 // 
            
            
            
            NVD: CVE-2007-4263

REFERENCES
url:http://www.securityfocus.com/bid/25240
Trust: 2.5
url:http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml
Trust: 1.8
url:http://osvdb.org/36694
Trust: 1.7
url:http://www.securitytracker.com/id?1018534
Trust: 1.7
url:http://secunia.com/advisories/26361
Trust: 1.7
url:http://www.frsirt.com/english/advisories/2007/2817
Trust: 1.4
url:http://xforce.iss.net/xforce/xfdb/35872
Trust: 1.4
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5542
Trust: 1.1
url:http://www.vupen.com/english/advisories/2007/2817
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35872
Trust: 1.1
url:http://secunia.com/advisories/26361/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4263
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4263
Trust: 0.8
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5542
Trust: 0.6
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
url:http://www.cisco.com/en/us/products/products_security_advisory09186a0080899636.shtml
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/50/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/182/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-27625 // 
            
            
            
            BID: 25240 // 
            
            
            
            JVNDB: JVNDB-2007-000583 // 
            
            
            
            PACKETSTORM: 58402 // 
            
            
            
            CNNVD: CNNVD-200708-109 // 
            
            
            
            NVD: CVE-2007-4263

CREDITS
Vijay Sarvepalli
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200708-109

SOURCES
db:VULHUBid:VHN-27625
db:BIDid:25240
db:JVNDBid:JVNDB-2007-000583
db:PACKETSTORMid:58402
db:CNNVDid:CNNVD-200708-109
db:NVDid:CVE-2007-4263

LAST UPDATE DATE
2025-04-10T23:25:44.486000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-27625date:2017-09-29T00:00:00
db:BIDid:25240date:2015-05-07T17:36:00
db:JVNDBid:JVNDB-2007-000583date:2007-08-21T00:00:00
db:CNNVDid:CNNVD-200708-109date:2009-03-04T00:00:00
db:NVDid:CVE-2007-4263date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-27625date:2007-08-08T00:00:00
db:BIDid:25240date:2007-08-08T00:00:00
db:JVNDBid:JVNDB-2007-000583date:2007-08-21T00:00:00
db:PACKETSTORMid:58402date:2007-08-10T02:01:07
db:CNNVDid:CNNVD-200708-109date:2007-08-08T00:00:00
db:NVDid:CVE-2007-4263date:2007-08-08T23:17:00