Detections
Analytics

Cisco IOS Software Secure Copy Privilege Escalation Vulnerability - Cisco Systems

high Nessus Plugin ID 49032

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.

The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default.
Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability.

This vulnerability does not apply to the Cisco IOS SCP client feature.
Cisco has released free software updates that address this vulnerability.

There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20090325-scp.

See Also

http://www.nessus.org/u?511a752b

http://www.nessus.org/u?244201aa

Plugin Details

Severity: High

ID: 49032

File Name: cisco-sa-20090325-scphttp.nasl

Version: 1.25

Type: combined

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: This score is based on cisco's own advisory (cisco-sa-20090325-scp)

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2009-0637

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/25/2009

Vulnerability Publication Date: 3/25/2009

Reference Information

CVE: CVE-2009-0637

BID: 34247

CISCO-SA: cisco-sa-20090325-scp

CISCO-BUG-ID: CSCsv38166