HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2007-101
Cisco IOS Secure Copy Authorization Bypass Vulnerability

Original Issue Date: August 14, 2007

Severity Rating: High


Systems Affected

  • Cisco IOS Version 12.2 configured for Secure copy (SCP).

Overview

Vulnerability exists in Secure Copy (SCP) implementation in Cisco Internetwork Operating System (IOS) that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration.


Description

Secure Copy (SCP) is a protocol which allows for the transfer of files between systems. All aspects of the file transfer session, including authentication, occur in encrypted form. The server side of the Secure Copy implementation in Cisco IOS contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. It could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration containing sensitive information (e.g., password). This vulnerability does not allow for authentication bypass; login credentials are verified and access is only granted if a valid username and password is provided. However it may cause authorization to be bypassed. A device with the Secure Copy server enabled is vulnerable regardless of whether Authentication, Authorization, and Accounting (AAA) is enabled. The device is affected when access control is enabled on the Virtual Terminal (vty).

Workaround

  • To mitigate the vulnerabilities, user may have to use access-list. 

Vendor Information

Cisco
http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml


References

FrSirt
http://www.frsirt.com/english/advisories/2007/2817

Securityfocus
http://www.securityfocus.com/archive/1/475857


Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003