CVE-2009-0637: Cisco IOS vulnerability

CWE-264 | 4 documents | 4 sources
Severity
7.1 HIGH (NVD)
EPSS
1.3%
top 20.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 27
Latest update: May 2

Description

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (2 packages)

NVD: cisco/ios, 186 versions (+185)
NVD: cisco/ios_xr, 12.4

🔴 Vulnerability Details (2)

GHSA
GHSA-34xj-9w8p-f4vf: The SCP server in Cisco IOS 12 | 2022-05-02
CVEList
CVE-2009-0637: The SCP server in Cisco IOS 12 | 2009-03-27

📋 Vendor Advisories (1)

Cisco
Cisco IOS Software Secure Copy Privilege Escalation Vulnerability | 2009-03-25