A vulnerability has been reported in Cisco IOS, which can be exploited by malicious users to bypass certain security restrictions.
The vulnerability is caused by an error in the Secure Copy (SCP) implementation and can be exploited to copy files (e.g. configuration files containing passwords) to and from an IOS device without privilege levels being checked.
Successful exploitation requires that the device is configured as a Secure Copy server (disabled by default).
The vulnerability reportedly only affects certain 12.2-based IOS releases.
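To triage an inventory against the two preconditions above (SCP server enabled, 12.2-based release), the following added example, which is not part of the original advisory or the vendor's material, scans saved running-configs. It assumes the SCP server is enabled with the IOS global command `ip scp server enable` and that the config carries a `version` line; the device names, sample configs and status labels are constructed for illustration.

```python
import re

# Constructed sample running-configs (not taken from any real device).
SAMPLE_CONFIGS = {
    "edge-rtr-1": "version 12.2\nhostname edge-rtr-1\nip ssh version 2\n"
                  "ip scp server enable\n",
    "core-sw-1": "version 12.2\nhostname core-sw-1\nno ip scp server enable\n",
    "branch-rtr-7": "version 12.4\nhostname branch-rtr-7\nip scp server enable\n",
}

# Anchored at line start so "ip ssh version 2" is not read as the IOS version.
VERSION_RE = re.compile(r"^version\s+(\d+\.\d+)", re.MULTILINE)
# Anchored at line start so "no ip scp server enable" does not match.
SCP_RE = re.compile(r"^ip scp server enable\s*$", re.MULTILINE)


def triage(config: str) -> str:
    """Classify one running-config against the advisory's two preconditions."""
    if SCP_RE.search(config) is None:
        # The SCP server is off by default; without it the issue is not reachable.
        return "scp-server-disabled"
    match = VERSION_RE.search(config)
    if match is None:
        return "scp-enabled-version-unknown"
    if match.group(1) == "12.2":
        # Only certain 12.2-based releases are affected; the exact list is in
        # the vendor advisory, so this is a flag for review, not a verdict.
        return "review-against-vendor-advisory"
    return "scp-enabled-other-train"


def triage_all(configs: dict) -> dict:
    """Map each device name to its triage status."""
    return {name: triage(text) for name, text in configs.items()}


if __name__ == "__main__":
    for device, status in triage_all(SAMPLE_CONFIGS).items():
        print(f"{device}: {status}")
```

Devices flagged `review-against-vendor-advisory` still need their exact release compared with the fixed versions listed in the vendor's advisory.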
Solution: Apply updated versions (see the vendor's advisory for details).
Provided and/or discovered by: The vendor credits Vijay Sarvepalli, University of North Carolina
Original Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml