CVE-2007-2586

Cisco IOS <12.4 - RCE

Description

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andy Davis · c · remote · hardware
https://www.exploit-db.com/exploits/6155

Scores

EPSS 0.6075
EPSS Percentile 98.3%

Details

CWE
CWE-863
Status published
Products (50)
cisco/ios 12.0\(1\)t
cisco/ios 12.0\(1\)t1
cisco/ios 12.0\(1\)xe
cisco/ios 12.0\(2\)s
cisco/ios 12.0\(2\)t
cisco/ios 12.0\(2\)t1
cisco/ios 12.0\(2\)xe
cisco/ios 12.0\(2\)xe1
cisco/ios 12.0\(2\)xe3
cisco/ios 12.0\(2\)xe4
... and 40 more
Published May 10, 2007
Tracked Since Feb 18, 2026