EIP-2026-101206

PRE-CVE

Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101206. PoCs published by prdelka.

AI-analyzed exploit summary This exploit targets a directory traversal vulnerability in the Cisco VPN Concentrator 3000 FTP service, allowing unauthenticated users to manipulate directories and files. It demonstrates commands like CWD, MKD, RMD, and RNFR to interact with the filesystem.

Description

Cisco VPN 3000 Concentrator 4.1.7/4.7.2 - 'FTP' Remote File System Access

Exploits (1)

exploitdb WORKING POC VERIFIED

by prdelka · cremotehardware

https://www.exploit-db.com/exploits/2638

View Code ZIP pw:eip

This exploit targets a directory traversal vulnerability in the Cisco VPN Concentrator 3000 FTP service, allowing unauthenticated users to manipulate directories and files. It demonstrates commands like CWD, MKD, RMD, and RNFR to interact with the filesystem.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Cisco VPN Concentrator 3000 Version 4.1.5 RelJun 18 2004

No auth needed

Prerequisites: Network access to the FTP service on port 21

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026