The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34197
http://www.vupen.com/english/advisories/2007/1749
http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml