Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.1
CVE Id CVE-2009-0637
Last Modified 24 Jul 2009 12:00:00
Published 27 Mar 2009 12:30:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2009-0637

Summary

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

Vulnerable Systems

Operating System

  • Cisco IOS 12.4

  • Cisco IOS 12.4(1)

  • Cisco IOS 12.4(1b)

  • Cisco IOS 12.4(1c)

  • Cisco IOS 12.4(2)mr

  • Cisco IOS 12.4(2)mr1

  • Cisco IOS 12.4(2)t

  • Cisco IOS 12.4(2)t1

  • Cisco IOS 12.4(2)t2

  • Cisco IOS 12.4(2)t3

  • Cisco IOS 12.4(2)t4

  • Cisco IOS 12.4(2)xa

  • Cisco IOS 12.4(2)xb

  • Cisco IOS 12.4(2)xb2

  • Cisco IOS 12.4(23)

  • Cisco IOS 12.4(3)

  • Cisco IOS 12.4(3)t2

  • Cisco IOS 12.4(3a)

  • Cisco IOS 12.4(3b)

  • Cisco IOS 12.4(3d)

  • Cisco IOS 12.4(4)mr

  • Cisco IOS 12.4(4)t

  • Cisco IOS 12.4(4)t2

  • Cisco IOS 12.4(5)

  • Cisco IOS 12.4(5b)

  • Cisco IOS 12.4(6)t

  • Cisco IOS 12.4(6)t1

  • Cisco IOS 12.4(7)

  • Cisco IOS 12.4(7a)

  • Cisco IOS 12.4(8)

  • Cisco IOS 12.4(9)t

  • Cisco IOS 12.4ja

  • Cisco IOS 12.4jda

  • Cisco IOS 12.4jk

  • Cisco IOS 12.4jl

  • Cisco IOS 12.4jma

  • Cisco IOS 12.4jmb

  • Cisco IOS 12.4jx

  • Cisco IOS 12.4md

  • Cisco IOS 12.4mr

  • Cisco IOS 12.4sw

  • Cisco IOS 12.4t

  • Cisco IOS 12.4xa

  • Cisco IOS 12.4xb

  • Cisco IOS 12.4xc

  • Cisco IOS 12.4xd

  • Cisco IOS 12.4xe

  • Cisco IOS 12.4xf

  • Cisco IOS 12.4xg

  • Cisco IOS 12.4xj

  • Cisco IOS 12.4xk

  • Cisco IOS 12.4xl

  • Cisco IOS 12.4xm

  • Cisco IOS 12.4xn

  • Cisco IOS 12.4xp

  • Cisco IOS 12.4xt

  • Cisco IOS 12.4xv

  • Cisco IOS 12.4xw


References

XF - ios-scp-priv-escalation(49423)

VUPEN - ADV-2009-0851

BID - 34247

CISCO - 20090325 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability

CONFIRM - http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml

SECTRACK - 1021899

SECUNIA - 34438


Last Updated: 27 May 2016 10:50:20