Vulnerability Name:

CVE-2007-4263 (CCN-35872)

Assigned: 2007-08-08
Published: 2007-08-08
Updated: 2017-09-29
Summary: Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.
CVSS v3 Severity: 8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: CCN
Type: Full-Disclosure Mailing List, Wed Aug 08 2007 - 11:37:21 CDT
Cisco Security Advisory: Cisco IOS Secure Copy Authorization Bypass Vulnerability

Source: MITRE
Type: CNA
CVE-2007-4263

Source: OSVDB
Type: UNKNOWN
36694

Source: CCN
Type: SA26361
Cisco IOS Secure Copy Security Bypass Vulnerability

Source: SECUNIA
Type: UNKNOWN
26361

Source: CCN
Type: SECTRACK ID: 1018534
Cisco IOS Secure Copy (SCP) Lets All Remote Authenticated Users Transfer Files

Source: CCN
Type: cisco-sa-20070808-scp
Cisco IOS Secure Copy Authorization Bypass Vulnerability

Source: CISCO
Type: UNKNOWN
20070808 Cisco IOS Secure Copy Authorization Bypass Vulnerability

Source: CCN
Type: OSVDB ID: 36694
Cisco IOS Secure Copy (SCP) Unspecified Remote File Manipulation

Source: BID
Type: UNKNOWN
25240

Source: CCN
Type: BID-25240
Cisco IOS Secure Copy Security Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018534

Source: VUPEN
Type: UNKNOWN
ADV-2007-2817

Source: XF
Type: UNKNOWN
cisco-ios-scp-file-overwrite(35872)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5542

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:cisco:ios:12.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:cisco:ios:12.2sxd:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2sxf:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2sxe:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:12.2zu:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:
Definition ID: oval:org.mitre.oval:def:5542
Class: V
Title: Cisco IOS 12.2 Secure Copy Security Bypass Vulnerability
Last Modified: 2008-09-08
    cisco ios 12.2
    cisco ios 12.2sxd
    cisco ios 12.2sxf
    cisco ios 12.2sxe
    cisco ios 12.2zu