CVE-2007-2586

Cisco IOS 11.3-12.4 - Unauthenticated Remote Code Execution via FTP MKD Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2586. PoCs published by Andy Davis.

AI-analyzed exploit summary This exploit targets a buffer overflow in Cisco IOS FTP server (CVE-2007-2586) to bypass authentication and escalate privileges to level 15. It uses PowerPC shellcode to manipulate VTY info and terminate processes, but requires manual completion for full exploitation.

Description

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Andy Davis · cremotehardware

https://www.exploit-db.com/exploits/6155

View Code ZIP pw:eip

This exploit targets a buffer overflow in Cisco IOS FTP server (CVE-2007-2586) to bypass authentication and escalate privileges to level 15. It uses PowerPC shellcode to manipulate VTY info and terminate processes, but requires manual completion for full exploitation.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Cisco IOS 12.3(18) on 2621XM router

No auth needed

Prerequisites: Network access to FTP port (21) · Target running vulnerable Cisco IOS version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Not Applicable vendor-advisory x_refsource_cisco

http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml

Broken Link, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/494868

Permissions Required, Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1749

Not Applicable, Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25199

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/34197

Broken Link, Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5036

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1018030

Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23885

Issue Tracking, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq

http://seclists.org/bugtraq/2009/Jan/0183.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/6155

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/35334

Scores

EPSS 0.1438

EPSS Percentile 96.2%

Details

CWE

CWE-863

Status published

Products (50)

cisco/ios 12.0\(1\)t

cisco/ios 12.0\(1\)t1

cisco/ios 12.0\(1\)xe

cisco/ios 12.0\(2\)s

cisco/ios 12.0\(2\)t

cisco/ios 12.0\(2\)t1

cisco/ios 12.0\(2\)xe

cisco/ios 12.0\(2\)xe1

cisco/ios 12.0\(2\)xe3

cisco/ios 12.0\(2\)xe4

... and 40 more

Published May 10, 2007

Tracked Since Feb 18, 2026