CVE-2007-2586

critical

Description

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.

References

Advisories
More

https://exchange.xforce.ibmcloud.com/vulnerabilities/34197

http://www.vupen.com/english/advisories/2007/1749

http://secunia.com/advisories/25199

http://seclists.org/bugtraq/2009/Jan/0183.html

http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml

Details

Source: Mitre, NVD

Published: 2007-05-10

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.55631