CVE-2009-0637

Severity

71%

Complexity

39%

Confidentiality

165%

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:S/C:C/I:C/A:C).

Overview

Type

Cisco IOS

First reported 16 years ago

2009-03-27 16:30:00

Last updated 7 years ago

2017-08-29 15:14:00

Affected Software

Cisco IOS 12.2

12.2

Cisco IOS 12.2B

12.2b

Cisco IOS 12.2BC

12.2bc

Cisco IOS 12.2BW

12.2bw

Cisco IOS 12.2BX

12.2bx

Cisco IOS 12.2BY

12.2by

Cisco IOS 12.2BZ

12.2bz

Cisco IOS 12.2CA

12.2ca

Cisco IOS 12.2CX

12.2cx

Cisco IOS 12.2CY

12.2cy

Cisco IOS 12.2CZ

12.2cz

Cisco IOS 12.2DA

12.2da

Cisco IOS 12.2DD

12.2dd

Cisco IOS 12.2DX

12.2dx

Cisco IOS 12.2EW

12.2ew

Cisco IOS 12.2EWA

12.2ewa

Cisco IOS 12.2EX

12.2ex

Cisco IOS 12.2EY

12.2ey

Cisco IOS 12.2EZ

12.2ez

Cisco IOS 12.2FX

12.2fx

Cisco IOS 12.2FY

12.2fy

Cisco IOS 12.2FZ

12.2fz

Cisco IOS 12.2IRB

12.2irb

Cisco IOS 12.2IXA

12.2ixa

Cisco IOS 12.2IXB

12.2ixb

Cisco IOS 12.2IXC

12.2ixc

Cisco IOS 12.2IXD

12.2ixd

Cisco IOS 12.2IXE

12.2ixe

Cisco IOS 12.2IXF

12.2ixf

Cisco IOS 12.2IXG

12.2ixg

Cisco IOS 12.2JA

12.2ja

Cisco IOS 12.2JK

12.2jk

Cisco IOS 12.2MB

12.2mb

Cisco IOS 12.2MC

12.2mc

Cisco IOS 12.2S

12.2s

Cisco IOS 12.2SB

12.2sb

Cisco IOS 12.2SBC

12.2sbc

Cisco IOS 12.2SCA

12.2sca

Cisco IOS 12.2SGA

12.2sga

Cisco IOS 12.2SM

12.2sm

Cisco IOS 12.2SO

12.2so

Cisco IOS 12.2SRA

12.2sra

Cisco IOS 12.2SRB

12.2srb

Cisco IOS 12.2SRC

12.2src

Cisco IOS 12.2SU

12.2su

Cisco IOS 12.2SV

12.2sv

Cisco IOS 12.2SVA

12.2sva

Cisco IOS 12.2SVC

12.2svc

Cisco IOS 12.2SVD

12.2svd

Cisco IOS 12.2SVE

12.2sve

Cisco IOS 12.2SW

12.2sw

Cisco IOS 12.2SX

12.2sx

Cisco IOS 12.2SXA

12.2sxa

Cisco IOS 12.2SXB

12.2sxb

Cisco IOS 12.2SXD

12.2sxd

Cisco IOS 12.2SXE

12.2sxe

Cisco IOS 12.2SXF

12.2sxf

Cisco IOS 12.2SY

12.2sy

Cisco IOS 12.2SZ

12.2sz

Cisco IOS 12.2T

12.2t

Cisco IOS 12.2TPC

12.2tpc

Cisco IOS 12.2XA

12.2xa

Cisco IOS 12.2XB

12.2xb

Cisco IOS 12.2XC

12.2xc

Cisco IOS 12.2XD

12.2xd

Cisco IOS 12.2XE

12.2xe

Cisco IOS 12.2XF

12.2xf

Cisco IOS 12.2XG

12.2xg

Cisco IOS 12.2XH

12.2xh

Cisco IOS 12.2XI

12.2xi

Cisco IOS 12.2XJ

12.2xj

Cisco IOS 12.2XK

12.2xk

Cisco IOS 12.2XL

12.2xl

Cisco IOS 12.2XM

12.2xm

Cisco IOS 12.2XN

12.2xn

Cisco IOS 12.2XO

12.2xo

Cisco IOS 12.2XQ

12.2xq

Cisco IOS 12.2XR

12.2xr

Cisco IOS 12.2XS

12.2xs

Cisco IOS 12.2XT

12.2xt

Cisco IOS 12.2XU

12.2xu

Cisco IOS 12.2XV

12.2xv

Cisco IOS 12.2XW

12.2xw

Cisco IOS 12.2YA

12.2ya

Cisco IOS 12.2YB

12.2yb

Cisco IOS 12.2YC

12.2yc

Cisco IOS 12.2YD

12.2yd

Cisco IOS 12.2YE

12.2ye

Cisco IOS 12.2YF

12.2yf

Cisco IOS 12.2YG

12.2yg

Cisco IOS 12.2YH

12.2yh

Cisco IOS 12.2YJ

12.2yj

Cisco IOS 12.2YK

12.2yk

Cisco IOS 12.2YL

12.2yl

Cisco IOS 12.2YM

12.2ym

Cisco IOS 12.2YN

12.2yn

Cisco IOS 12.2YO

12.2yo

Cisco IOS 12.2YP

12.2yp

Cisco IOS 12.2YQ

12.2yq

Cisco IOS 12.2YR

12.2yr

Cisco IOS 12.2YS

12.2ys

Cisco IOS 12.2YT

12.2yt

Cisco IOS 12.2YU

12.2yu

Cisco IOS 12.2YV

12.2yv

Cisco IOS 12.2YW

12.2yw

Cisco IOS 12.2YX

12.2yx

Cisco IOS 12.2YY

12.2yy

Cisco IOS 12.2YZ

12.2yz

Cisco IOS 12.2ZA

12.2za

Cisco IOS 12.2ZB

12.2zb

Cisco IOS 12.2ZC

12.2zc

Cisco IOS 12.2ZD

12.2zd

Cisco IOS 12.2ZE

12.2ze

Cisco IOS 12.2ZF

12.2zf

Cisco IOS 12.2ZG

12.2zg

Cisco IOS 12.2ZH

12.2zh

Cisco IOS 12.2ZJ

12.2zj

Cisco IOS 12.2ZL

12.2zl

Cisco IOS 12.2ZP

12.2zp

Cisco IOS 12.2ZU

12.2zu

Cisco IOS 12.2ZX

12.2zx

Cisco IOS 12.2ZY

12.2zy

Cisco IOS 12.2ZYA

12.2zya

Cisco IOS 12.4

12.4

Cisco IOS 12.4 (1)

12.4\(1\)

Cisco IOS 12.4 (1b)

12.4\(1b\)

Cisco IOS 12.4 (1c)

12.4\(1c\)

Cisco IOS 12.4 (2)MR

12.4\(2\)mr

Cisco IOS 12.4 (2)MR1

12.4\(2\)mr1

Cisco IOS 12.4 (2)T

12.4\(2\)t

Cisco IOS 12.4 (2)T1

12.4\(2\)t1

Cisco IOS 12.4 (2)T2

12.4\(2\)t2

Cisco IOS 12.4 (2)T3

12.4\(2\)t3

Cisco IOS 12.4(2)T4

12.4\(2\)t4

Cisco IOS 12.4 (2)XA

12.4\(2\)xa

Cisco IOS 12.4 (2)XB

12.4\(2\)xb

Cisco IOS 12.4(2)XB2

12.4\(2\)xb2

Cisco IOS 12.4 (3)

12.4\(3\)

Cisco IOS 12.4(3)T2

12.4\(3\)t2

Cisco IOS 12.4 (3a)

12.4\(3a\)

Cisco IOS 12.4 (3b)

12.4\(3b\)

Cisco IOS 12.4(3d)

12.4\(3d\)

Cisco IOS 12.4(4)MR

12.4\(4\)mr

Cisco IOS 12.4 (4)T

12.4\(4\)t

Cisco IOS 12.4(4)T2

12.4\(4\)t2

Cisco IOS 12.4 (5)

12.4\(5\)

Cisco IOS 12.4(5b)

12.4\(5b\)

Cisco IOS 12.4(6)T

12.4\(6\)t

Cisco IOS 12.4(6)T1

12.4\(6\)t1

Cisco IOS 12.4(7)

12.4\(7\)

Cisco IOS 12.4(7a)

12.4\(7a\)

Cisco IOS 12.4(8)

12.4\(8\)

Cisco IOS 12.4(9)T

12.4\(9\)t

Cisco IOS 12.4 (23)

12.4\(23\)

Cisco IOS 12.4JA

12.4ja

Cisco IOS 12.4JDA

12.4jda

Cisco IOS 12.4JK

12.4jk

Cisco IOS 12.4JL

12.4jl

Cisco IOS 12.4JMA

12.4jma

Cisco IOS 12.4JMB

12.4jmb

Cisco IOS 12.4JX

12.4jx

Cisco IOS 12.4 MD

12.4md

Cisco IOS 12.4MR

12.4mr

Cisco IOS 12.4SW

12.4sw

Cisco IOS 12.4T

12.4t

Cisco IOS 12.4XA

12.4xa

Cisco IOS 12.4XB

12.4xb

Cisco IOS 12.4XC

12.4xc

Cisco IOS 12.4XD

12.4xd

Cisco IOS 12.4XE

12.4xe

Cisco IOS 12.4XF

12.4xf

Cisco IOS 12.4XG

12.4xg

Cisco IOS 12.4XJ

12.4xj

Cisco IOS 12.4xk

12.4xk

Cisco IOS 12.4XL

12.4xl

Cisco IOS 12.4XM

12.4xm

Cisco IOS 12.4XN

12.4xn

Cisco IOS 12.4XP

12.4xp

Cisco IOS 12.4XT

12.4xt

Cisco IOS 12.4XV

12.4xv

Cisco IOS 12.4XW

12.4xw

Cisco IOS 12.4XY

12.4xy

References

34438

Vendor Advisory

1021899

Third Party Advisory, VDB Entry

http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml

Vendor Advisory

20090325 Cisco IOS Software Secure Copy Privilege Escalation Vulnerability

Vendor Advisory

34247

Third Party Advisory, VDB Entry

ADV-2009-0851

Not Applicable

ios-scp-priv-escalation(49423)

Third Party Advisory, VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.