PT-2007-5456 · Cisco · Cisco IOS

Published: 2007-08-08 · Updated: 2017-09-29 · CVE-2007-4263

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS versions 12.2

Description

The server side of the Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information. The IOS Secure Copy Server is an optional service that is disabled by default, and devices not specifically configured to enable this service are not affected.

Recommendations

For Cisco IOS version 12.2, consider disabling the IOS Secure Copy Server service until a patch is available to prevent exploitation of this vulnerability. Restrict access to sensitive files on the device's filesystem to minimize the risk of information leakage.

Fix


Related Identifiers

CVE-2007-4263

Affected Products

Cisco IOS