CVE-2007-2587

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 11.3 through 12.4

Description The issue allows remote authenticated users to cause a denial of service via unspecified vectors involving transferring files. It also contains multiple vulnerabilities that can result in a denial of service condition, improper verification of user credentials, and the ability to retrieve or write any file from the device filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.

Recommendations For Cisco IOS versions 11.3 through 12.4, consider disabling the IOS FTP Server feature as a temporary workaround until a patch is available. Restrict access to the device's filesystem to minimize the risk of exploitation. Avoid using the IOS FTP Server feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.