Cisco IOS FTP Server Authentication Bypass Vulnerability Network Vulnerability

Summary

The Cisco IOS FTP server is enabled on the remote system. Description : The FTP server does not properly verify authentication, allowing for anonymous access to the file system. An attacker could use the ftp server to view/download confidential configuration files, or upload replacements which will be used at startup.

Solution

Disable the FTP Server by using 'no ftp-server enable' or upgrade to a newer release (see cisco-sa-20070509-iosftp).

References

http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-2586

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability
Microsoft IIS FTPd NLST stack overflow
FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
FFFTP LIST Command Directory Traversal Vulnerability
PCMan's FTP Server Multiple Vulnerabilities

Take action and discover your vulnerabilities