The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
Weakness
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios | Cisco | 12.0(1)t (including) | 12.0(1)t (including) |
| Ios | Cisco | 12.0(1)t1 (including) | 12.0(1)t1 (including) |
| Ios | Cisco | 12.0(1)xe (including) | 12.0(1)xe (including) |
| Ios | Cisco | 12.0(2)s (including) | 12.0(2)s (including) |
| Ios | Cisco | 12.0(2)t (including) | 12.0(2)t (including) |
| Ios | Cisco | 12.0(2)t1 (including) | 12.0(2)t1 (including) |
| Ios | Cisco | 12.0(2)xe (including) | 12.0(2)xe (including) |
| Ios | Cisco | 12.0(2)xe1 (including) | 12.0(2)xe1 (including) |
| Ios | Cisco | 12.0(2)xe3 (including) | 12.0(2)xe3 (including) |
| Ios | Cisco | 12.0(2)xe4 (including) | 12.0(2)xe4 (including) |
| Ios | Cisco | 12.0(2a)t1 (including) | 12.0(2a)t1 (including) |
| Ios | Cisco | 12.0(3)s (including) | 12.0(3)s (including) |
| Ios | Cisco | 12.0(3)t (including) | 12.0(3)t (including) |
| Ios | Cisco | 12.0(3)t2 (including) | 12.0(3)t2 (including) |
| Ios | Cisco | 12.0(3)t3 (including) | 12.0(3)t3 (including) |
| Ios | Cisco | 12.0(4)s (including) | 12.0(4)s (including) |
| Ios | Cisco | 12.0(4)t (including) | 12.0(4)t (including) |
| Ios | Cisco | 12.0(4)xe (including) | 12.0(4)xe (including) |
| Ios | Cisco | 12.0(4)xe2 (including) | 12.0(4)xe2 (including) |
| Ios | Cisco | 12.0(5)s (including) | 12.0(5)s (including) |
| Ios | Cisco | 12.0(5)t (including) | 12.0(5)t (including) |
| Ios | Cisco | 12.0(5)t1 (including) | 12.0(5)t1 (including) |
| Ios | Cisco | 12.0(5)xe (including) | 12.0(5)xe (including) |
| Ios | Cisco | 12.0(5)xe1 (including) | 12.0(5)xe1 (including) |
| Ios | Cisco | 12.0(5)xe2 (including) | 12.0(5)xe2 (including) |
| Ios | Cisco | 12.0(5)xe3 (including) | 12.0(5)xe3 (including) |
| Ios | Cisco | 12.0(5)xe4 (including) | 12.0(5)xe4 (including) |
| Ios | Cisco | 12.0(5)xe5 (including) | 12.0(5)xe5 (including) |
| Ios | Cisco | 12.0(5)xe8 (including) | 12.0(5)xe8 (including) |
| Ios | Cisco | 12.0(5)xk (including) | 12.0(5)xk (including) |
| Ios | Cisco | 12.0(5)xk1 (including) | 12.0(5)xk1 (including) |
| Ios | Cisco | 12.0(5)xk2 (including) | 12.0(5)xk2 (including) |
| Ios | Cisco | 12.0(5)xt1 (including) | 12.0(5)xt1 (including) |
| Ios | Cisco | 12.0(6)s (including) | 12.0(6)s (including) |
| Ios | Cisco | 12.0(6)s1 (including) | 12.0(6)s1 (including) |
| Ios | Cisco | 12.0(6)s2 (including) | 12.0(6)s2 (including) |
| Ios | Cisco | 12.0(7)s (including) | 12.0(7)s (including) |
| Ios | Cisco | 12.0(7)s1 (including) | 12.0(7)s1 (including) |
| Ios | Cisco | 12.0(7)t (including) | 12.0(7)t (including) |
| Ios | Cisco | 12.0(7)t1 (including) | 12.0(7)t1 (including) |
| Ios | Cisco | 12.0(7)t2 (including) | 12.0(7)t2 (including) |
| Ios | Cisco | 12.0(7)t3 (including) | 12.0(7)t3 (including) |
| Ios | Cisco | 12.0(7)xk (including) | 12.0(7)xk (including) |
| Ios | Cisco | 12.0(7)xk1 (including) | 12.0(7)xk1 (including) |
| Ios | Cisco | 12.0(7)xk2 (including) | 12.0(7)xk2 (including) |
| Ios | Cisco | 12.0(7)xk3 (including) | 12.0(7)xk3 (including) |
| Ios | Cisco | 12.0(8)s (including) | 12.0(8)s (including) |
| Ios | Cisco | 12.0(8)s1 (including) | 12.0(8)s1 (including) |
| Ios | Cisco | 12.0(9)s (including) | 12.0(9)s (including) |
| Ios | Cisco | 12.0(9)s8 (including) | 12.0(9)s8 (including) |
| Ios | Cisco | 12.0(9)st (including) | 12.0(9)st (including) |
| Ios | Cisco | 12.0(10)s (including) | 12.0(10)s (including) |
| Ios | Cisco | 12.0(10)s1 (including) | 12.0(10)s1 (including) |
| Ios | Cisco | 12.0(10)s2 (including) | 12.0(10)s2 (including) |
| Ios | Cisco | 12.0(10)s3 (including) | 12.0(10)s3 (including) |
| Ios | Cisco | 12.0(10)s3b (including) | 12.0(10)s3b (including) |
| Ios | Cisco | 12.0(10)s4 (including) | 12.0(10)s4 (including) |
| Ios | Cisco | 12.0(10)s5 (including) | 12.0(10)s5 (including) |
| Ios | Cisco | 12.0(10)s6 (including) | 12.0(10)s6 (including) |
| Ios | Cisco | 12.0(10)s7 (including) | 12.0(10)s7 (including) |
| Ios | Cisco | 12.0(10)s8 (including) | 12.0(10)s8 (including) |
| Ios | Cisco | 12.0(10)st (including) | 12.0(10)st (including) |
| Ios | Cisco | 12.0(10)st1 (including) | 12.0(10)st1 (including) |
| Ios | Cisco | 12.0(10)st2 (including) | 12.0(10)st2 (including) |
| Ios | Cisco | 12.0(11)s (including) | 12.0(11)s (including) |
| Ios | Cisco | 12.0(11)s1 (including) | 12.0(11)s1 (including) |
| Ios | Cisco | 12.0(11)s2 (including) | 12.0(11)s2 (including) |
| Ios | Cisco | 12.0(11)s3 (including) | 12.0(11)s3 (including) |
| Ios | Cisco | 12.0(11)s4 (including) | 12.0(11)s4 (including) |
| Ios | Cisco | 12.0(11)s5 (including) | 12.0(11)s5 (including) |
| Ios | Cisco | 12.0(11)s6 (including) | 12.0(11)s6 (including) |
| Ios | Cisco | 12.0(11)st (including) | 12.0(11)st (including) |
| Ios | Cisco | 12.0(11)st1 (including) | 12.0(11)st1 (including) |
| Ios | Cisco | 12.0(11)st2 (including) | 12.0(11)st2 (including) |
| Ios | Cisco | 12.0(11)st3 (including) | 12.0(11)st3 (including) |
| Ios | Cisco | 12.0(11)st4 (including) | 12.0(11)st4 (including) |
| Ios | Cisco | 12.0(28)s4a (including) | 12.0(28)s4a (including) |
| Ios | Cisco | 12.0(31)sz2 (including) | 12.0(31)sz2 (including) |
| Ios | Cisco | 12.1(3)xi (including) | 12.1(3)xi (including) |
| Ios | Cisco | 12.1(5)xm (including) | 12.1(5)xm (including) |
| Ios | Cisco | 12.1(5)xm1 (including) | 12.1(5)xm1 (including) |
| Ios | Cisco | 12.1(5)xm2 (including) | 12.1(5)xm2 (including) |
| Ios | Cisco | 12.1(5)xm3 (including) | 12.1(5)xm3 (including) |
| Ios | Cisco | 12.1(5)xm4 (including) | 12.1(5)xm4 (including) |
| Ios | Cisco | 12.1(5)xm5 (including) | 12.1(5)xm5 (including) |
| Ios | Cisco | 12.1(5)xm7 (including) | 12.1(5)xm7 (including) |
| Ios | Cisco | 12.1(5)xm8 (including) | 12.1(5)xm8 (including) |
| Ios | Cisco | 12.1(5c)ex (including) | 12.1(5c)ex (including) |
| Ios | Cisco | 12.1(5c)ex1 (including) | 12.1(5c)ex1 (including) |
| Ios | Cisco | 12.1(6)ex (including) | 12.1(6)ex (including) |
| Ios | Cisco | 12.1(8b)ex4 (including) | 12.1(8b)ex4 (including) |
| Ios | Cisco | 12.1(9)ex (including) | 12.1(9)ex (including) |
| Ios | Cisco | 12.2(8)zb (including) | 12.2(8)zb (including) |
| Ios | Cisco | 12.2(9)yo (including) | 12.2(9)yo (including) |
| Ios | Cisco | 12.2(9)yo1 (including) | 12.2(9)yo1 (including) |
| Ios | Cisco | 12.2(9)yo2 (including) | 12.2(9)yo2 (including) |
| Ios | Cisco | 12.2(9)yo3 (including) | 12.2(9)yo3 (including) |
| Ios | Cisco | 12.2(9)yo4 (including) | 12.2(9)yo4 (including) |
| Ios | Cisco | 12.2(11)yz (including) | 12.2(11)yz (including) |
| Ios | Cisco | 12.2(11)yz1 (including) | 12.2(11)yz1 (including) |
| Ios | Cisco | 12.2(11)yz2 (including) | 12.2(11)yz2 (including) |
| Ios | Cisco | 12.2(11)yz3 (including) | 12.2(11)yz3 (including) |
| Ios | Cisco | 12.2(12b)m1 (including) | 12.2(12b)m1 (including) |
| Ios | Cisco | 12.2(12h)m1 (including) | 12.2(12h)m1 (including) |
| Ios | Cisco | 12.2(13)zf (including) | 12.2(13)zf (including) |
| Ios | Cisco | 12.2(13)zf1 (including) | 12.2(13)zf1 (including) |
| Ios | Cisco | 12.2(13)zf2 (including) | 12.2(13)zf2 (including) |
| Ios | Cisco | 12.2(13)zh (including) | 12.2(13)zh (including) |
| Ios | Cisco | 12.2(13)zh1 (including) | 12.2(13)zh1 (including) |
| Ios | Cisco | 12.2(13)zh2 (including) | 12.2(13)zh2 (including) |
| Ios | Cisco | 12.2(13)zh3 (including) | 12.2(13)zh3 (including) |
| Ios | Cisco | 12.2(13)zh4 (including) | 12.2(13)zh4 (including) |
| Ios | Cisco | 12.2(13)zh5 (including) | 12.2(13)zh5 (including) |
| Ios | Cisco | 12.2(13b)m1 (including) | 12.2(13b)m1 (including) |
| Ios | Cisco | 12.2(13b)m2 (including) | 12.2(13b)m2 (including) |
| Ios | Cisco | 12.2(14)sz (including) | 12.2(14)sz (including) |
| Ios | Cisco | 12.2(14)sz1 (including) | 12.2(14)sz1 (including) |
| Ios | Cisco | 12.2(14)sz2 (including) | 12.2(14)sz2 (including) |
| Ios | Cisco | 12.2(14)sz3 (including) | 12.2(14)sz3 (including) |
| Ios | Cisco | 12.2(14)sz4 (including) | 12.2(14)sz4 (including) |
| Ios | Cisco | 12.2(14)sz5 (including) | 12.2(14)sz5 (including) |
| Ios | Cisco | 12.2(14)sz6 (including) | 12.2(14)sz6 (including) |
| Ios | Cisco | 12.2(15)zj (including) | 12.2(15)zj (including) |
| Ios | Cisco | 12.2(15)zj1 (including) | 12.2(15)zj1 (including) |
| Ios | Cisco | 12.2(15)zj2 (including) | 12.2(15)zj2 (including) |
| Ios | Cisco | 12.2(15)zj3 (including) | 12.2(15)zj3 (including) |
| Ios | Cisco | 12.2(15)zj4 (including) | 12.2(15)zj4 (including) |
| Ios | Cisco | 12.2(15)zj5 (including) | 12.2(15)zj5 (including) |
| Ios | Cisco | 12.2(15)zl (including) | 12.2(15)zl (including) |
| Ios | Cisco | 12.2(15)zl1 (including) | 12.2(15)zl1 (including) |
| Ios | Cisco | 12.2(15)zn (including) | 12.2(15)zn (including) |
| Ios | Cisco | 12.2(18)s (including) | 12.2(18)s (including) |
| Ios | Cisco | 12.2(18)s1 (including) | 12.2(18)s1 (including) |
| Ios | Cisco | 12.2(18)s2 (including) | 12.2(18)s2 (including) |
| Ios | Cisco | 12.2(18)s3 (including) | 12.2(18)s3 (including) |
| Ios | Cisco | 12.2(18)s4 (including) | 12.2(18)s4 (including) |
| Ios | Cisco | 12.2(20)s (including) | 12.2(20)s (including) |
| Ios | Cisco | 12.2(20)s1 (including) | 12.2(20)s1 (including) |
| Ios | Cisco | 12.2(20)s2 (including) | 12.2(20)s2 (including) |
| Ios | Cisco | 12.2(20)s2a (including) | 12.2(20)s2a (including) |
| Ios | Cisco | 12.2(20)s3 (including) | 12.2(20)s3 (including) |
| Ios | Cisco | 12.2(20)s4 (including) | 12.2(20)s4 (including) |
| Ios | Cisco | 12.2(20)s4a (including) | 12.2(20)s4a (including) |
| Ios | Cisco | 12.2(20)s5 (including) | 12.2(20)s5 (including) |
| Ios | Cisco | 12.2(20)s6 (including) | 12.2(20)s6 (including) |
| Ios | Cisco | 12.2(22)s (including) | 12.2(22)s (including) |
| Ios | Cisco | 12.2(25)s (including) | 12.2(25)s (including) |
| Ios | Cisco | 12.2(25)s1 (including) | 12.2(25)s1 (including) |
| Ios | Cisco | 12.2(25)s2 (including) | 12.2(25)s2 (including) |
| Ios | Cisco | 12.2(25)se (including) | 12.2(25)se (including) |
| Ios | Cisco | 12.3(1a)b (including) | 12.3(1a)b (including) |
| Ios | Cisco | 12.3(2)ja3 (including) | 12.3(2)ja3 (including) |
| Ios | Cisco | 12.3(2)ja4 (including) | 12.3(2)ja4 (including) |
| Ios | Cisco | 12.3(2)t (including) | 12.3(2)t (including) |
| Ios | Cisco | 12.3(2)t1 (including) | 12.3(2)t1 (including) |
| Ios | Cisco | 12.3(2)t2 (including) | 12.3(2)t2 (including) |
| Ios | Cisco | 12.3(2)t3 (including) | 12.3(2)t3 (including) |
| Ios | Cisco | 12.3(2)t4 (including) | 12.3(2)t4 (including) |
| Ios | Cisco | 12.3(2)t5 (including) | 12.3(2)t5 (including) |
| Ios | Cisco | 12.3(2)t6 (including) | 12.3(2)t6 (including) |
| Ios | Cisco | 12.3(2)t7 (including) | 12.3(2)t7 (including) |
| Ios | Cisco | 12.3(2)t8 (including) | 12.3(2)t8 (including) |
| Ios | Cisco | 12.3(2)t9 (including) | 12.3(2)t9 (including) |
| Ios | Cisco | 12.3(2)xa (including) | 12.3(2)xa (including) |
| Ios | Cisco | 12.3(2)xa1 (including) | 12.3(2)xa1 (including) |
| Ios | Cisco | 12.3(2)xa2 (including) | 12.3(2)xa2 (including) |
| Ios | Cisco | 12.3(2)xa3 (including) | 12.3(2)xa3 (including) |
| Ios | Cisco | 12.3(2)xa4 (including) | 12.3(2)xa4 (including) |
| Ios | Cisco | 12.3(2)xa5 (including) | 12.3(2)xa5 (including) |
| Ios | Cisco | 12.3(2)xc (including) | 12.3(2)xc (including) |
| Ios | Cisco | 12.3(2)xc1 (including) | 12.3(2)xc1 (including) |
| Ios | Cisco | 12.3(2)xc2 (including) | 12.3(2)xc2 (including) |
| Ios | Cisco | 12.3(2)xe (including) | 12.3(2)xe (including) |
| Ios | Cisco | 12.3(2)xe1 (including) | 12.3(2)xe1 (including) |
| Ios | Cisco | 12.3(2)xe2 (including) | 12.3(2)xe2 (including) |
| Ios | Cisco | 12.3(2)xe3 (including) | 12.3(2)xe3 (including) |
| Ios | Cisco | 12.3(2)xe4 (including) | 12.3(2)xe4 (including) |
| Ios | Cisco | 12.3(2)xf (including) | 12.3(2)xf (including) |
| Ios | Cisco | 12.3(3)b (including) | 12.3(3)b (including) |
| Ios | Cisco | 12.3(3)b1 (including) | 12.3(3)b1 (including) |
| Ios | Cisco | 12.3(4)t (including) | 12.3(4)t (including) |
| Ios | Cisco | 12.3(4)t1 (including) | 12.3(4)t1 (including) |
| Ios | Cisco | 12.3(4)t2 (including) | 12.3(4)t2 (including) |
| Ios | Cisco | 12.3(4)t3 (including) | 12.3(4)t3 (including) |
| Ios | Cisco | 12.3(4)t4 (including) | 12.3(4)t4 (including) |
| Ios | Cisco | 12.3(4)t5 (including) | 12.3(4)t5 (including) |
| Ios | Cisco | 12.3(4)t6 (including) | 12.3(4)t6 (including) |
| Ios | Cisco | 12.3(4)t7 (including) | 12.3(4)t7 (including) |
| Ios | Cisco | 12.3(4)t8 (including) | 12.3(4)t8 (including) |
| Ios | Cisco | 12.3(4)t9 (including) | 12.3(4)t9 (including) |
| Ios | Cisco | 12.3(4)t10 (including) | 12.3(4)t10 (including) |
| Ios | Cisco | 12.3(4)t11 (including) | 12.3(4)t11 (including) |
| Ios | Cisco | 12.3(4)tpc11a (including) | 12.3(4)tpc11a (including) |
| Ios | Cisco | 12.3(4)xd (including) | 12.3(4)xd (including) |
| Ios | Cisco | 12.3(4)xd1 (including) | 12.3(4)xd1 (including) |
| Ios | Cisco | 12.3(4)xd2 (including) | 12.3(4)xd2 (including) |
| Ios | Cisco | 12.3(4)xd3 (including) | 12.3(4)xd3 (including) |
| Ios | Cisco | 12.3(4)xd4 (including) | 12.3(4)xd4 (including) |
| Ios | Cisco | 12.3(4)xg (including) | 12.3(4)xg (including) |
| Ios | Cisco | 12.3(4)xg1 (including) | 12.3(4)xg1 (including) |
| Ios | Cisco | 12.3(4)xg2 (including) | 12.3(4)xg2 (including) |
| Ios | Cisco | 12.3(4)xg3 (including) | 12.3(4)xg3 (including) |
| Ios | Cisco | 12.3(4)xg4 (including) | 12.3(4)xg4 (including) |
| Ios | Cisco | 12.3(4)xg5 (including) | 12.3(4)xg5 (including) |
| Ios | Cisco | 12.3(4)xh (including) | 12.3(4)xh (including) |
| Ios | Cisco | 12.3(4)xh1 (including) | 12.3(4)xh1 (including) |
| Ios | Cisco | 12.3(4)xk (including) | 12.3(4)xk (including) |
| Ios | Cisco | 12.3(4)xk1 (including) | 12.3(4)xk1 (including) |
| Ios | Cisco | 12.3(4)xk2 (including) | 12.3(4)xk2 (including) |
| Ios | Cisco | 12.3(4)xk3 (including) | 12.3(4)xk3 (including) |
| Ios | Cisco | 12.3(4)xk4 (including) | 12.3(4)xk4 (including) |
| Ios | Cisco | 12.3(4)xq (including) | 12.3(4)xq (including) |
| Ios | Cisco | 12.3(4)xq1 (including) | 12.3(4)xq1 (including) |
| Ios | Cisco | 12.3(4)ye (including) | 12.3(4)ye (including) |
| Ios | Cisco | 12.3(4)ye1 (including) | 12.3(4)ye1 (including) |
| Ios | Cisco | 12.3(5a)b (including) | 12.3(5a)b (including) |
| Ios | Cisco | 12.3(5a)b0a (including) | 12.3(5a)b0a (including) |
| Ios | Cisco | 12.3(5a)b1 (including) | 12.3(5a)b1 (including) |
| Ios | Cisco | 12.3(5a)b2 (including) | 12.3(5a)b2 (including) |
| Ios | Cisco | 12.3(5a)b3 (including) | 12.3(5a)b3 (including) |
| Ios | Cisco | 12.3(5a)b4 (including) | 12.3(5a)b4 (including) |
| Ios | Cisco | 12.3(5a)b5 (including) | 12.3(5a)b5 (including) |
| Ios | Cisco | 12.3(7)jx9 (including) | 12.3(7)jx9 (including) |
| Ios | Cisco | 12.3(7)t (including) | 12.3(7)t (including) |
| Ios | Cisco | 12.3(7)t1 (including) | 12.3(7)t1 (including) |
| Ios | Cisco | 12.3(7)t2 (including) | 12.3(7)t2 (including) |
| Ios | Cisco | 12.3(7)t3 (including) | 12.3(7)t3 (including) |
| Ios | Cisco | 12.3(7)t4 (including) | 12.3(7)t4 (including) |
| Ios | Cisco | 12.3(7)t6 (including) | 12.3(7)t6 (including) |
| Ios | Cisco | 12.3(7)t7 (including) | 12.3(7)t7 (including) |
| Ios | Cisco | 12.3(7)t8 (including) | 12.3(7)t8 (including) |
| Ios | Cisco | 12.3(7)t9 (including) | 12.3(7)t9 (including) |
| Ios | Cisco | 12.3(7)t10 (including) | 12.3(7)t10 (including) |
| Ios | Cisco | 12.3(7)t11 (including) | 12.3(7)t11 (including) |
| Ios | Cisco | 12.3(7)t12 (including) | 12.3(7)t12 (including) |
| Ios | Cisco | 12.3(7)xi3a (including) | 12.3(7)xi3a (including) |
| Ios | Cisco | 12.3(7)xl (including) | 12.3(7)xl (including) |
| Ios | Cisco | 12.3(7)xr (including) | 12.3(7)xr (including) |
| Ios | Cisco | 12.3(7)xr1 (including) | 12.3(7)xr1 (including) |
| Ios | Cisco | 12.3(7)xr2 (including) | 12.3(7)xr2 (including) |
| Ios | Cisco | 12.3(7)xr3 (including) | 12.3(7)xr3 (including) |
| Ios | Cisco | 12.3(7)xr4 (including) | 12.3(7)xr4 (including) |
| Ios | Cisco | 12.3(7)xr5 (including) | 12.3(7)xr5 (including) |
| Ios | Cisco | 12.3(7)xr6 (including) | 12.3(7)xr6 (including) |
| Ios | Cisco | 12.3(7)xs (including) | 12.3(7)xs (including) |
| Ios | Cisco | 12.3(7)xs1 (including) | 12.3(7)xs1 (including) |
| Ios | Cisco | 12.3(7)xs2 (including) | 12.3(7)xs2 (including) |
| Ios | Cisco | 12.3(8)jk (including) | 12.3(8)jk (including) |
| Ios | Cisco | 12.3(8)t (including) | 12.3(8)t (including) |
| Ios | Cisco | 12.3(8)t1 (including) | 12.3(8)t1 (including) |
| Ios | Cisco | 12.3(8)t2 (including) | 12.3(8)t2 (including) |
| Ios | Cisco | 12.3(8)t3 (including) | 12.3(8)t3 (including) |
| Ios | Cisco | 12.3(8)t4 (including) | 12.3(8)t4 (including) |
| Ios | Cisco | 12.3(8)t5 (including) | 12.3(8)t5 (including) |
| Ios | Cisco | 12.3(8)t6 (including) | 12.3(8)t6 (including) |
| Ios | Cisco | 12.3(8)t7 (including) | 12.3(8)t7 (including) |
| Ios | Cisco | 12.3(8)t8 (including) | 12.3(8)t8 (including) |
| Ios | Cisco | 12.3(8)t9 (including) | 12.3(8)t9 (including) |
| Ios | Cisco | 12.3(8)t10 (including) | 12.3(8)t10 (including) |
| Ios | Cisco | 12.3(8)t11 (including) | 12.3(8)t11 (including) |
| Ios | Cisco | 12.3(8)xx (including) | 12.3(8)xx (including) |
| Ios | Cisco | 12.3(8)xx1 (including) | 12.3(8)xx1 (including) |
| Ios | Cisco | 12.3(8)xx2 (including) | 12.3(8)xx2 (including) |
| Ios | Cisco | 12.3(8)xx2a (including) | 12.3(8)xx2a (including) |
| Ios | Cisco | 12.3(8)xx2b (including) | 12.3(8)xx2b (including) |
| Ios | Cisco | 12.3(8)xx2c (including) | 12.3(8)xx2c (including) |
| Ios | Cisco | 12.3(8)ya (including) | 12.3(8)ya (including) |
| Ios | Cisco | 12.3(8)ya1 (including) | 12.3(8)ya1 (including) |
| Ios | Cisco | 12.3(8)yc (including) | 12.3(8)yc (including) |
| Ios | Cisco | 12.3(8)yc1 (including) | 12.3(8)yc1 (including) |
| Ios | Cisco | 12.3(8)yc2 (including) | 12.3(8)yc2 (including) |
| Ios | Cisco | 12.3(8)yc3 (including) | 12.3(8)yc3 (including) |
| Ios | Cisco | 12.3(8)yd (including) | 12.3(8)yd (including) |
| Ios | Cisco | 12.3(8)yd1 (including) | 12.3(8)yd1 (including) |
| Ios | Cisco | 12.3(8)yg (including) | 12.3(8)yg (including) |
| Ios | Cisco | 12.3(8)yg1 (including) | 12.3(8)yg1 (including) |
| Ios | Cisco | 12.3(8)yg2 (including) | 12.3(8)yg2 (including) |
| Ios | Cisco | 12.3(8)yg3 (including) | 12.3(8)yg3 (including) |
| Ios | Cisco | 12.3(8)yg4 (including) | 12.3(8)yg4 (including) |
| Ios | Cisco | 12.3(8)yg5 (including) | 12.3(8)yg5 (including) |
| Ios | Cisco | 12.3(8)yh (including) | 12.3(8)yh (including) |
| Ios | Cisco | 12.3(8)yi (including) | 12.3(8)yi (including) |
| Ios | Cisco | 12.3(8)yi1 (including) | 12.3(8)yi1 (including) |
| Ios | Cisco | 12.3(8)yi2 (including) | 12.3(8)yi2 (including) |
| Ios | Cisco | 12.3(8)yi3 (including) | 12.3(8)yi3 (including) |
| Ios | Cisco | 12.3(8)za (including) | 12.3(8)za (including) |
| Ios | Cisco | 12.3(9)m0 (including) | 12.3(9)m0 (including) |
| Ios | Cisco | 12.3(9)m1 (including) | 12.3(9)m1 (including) |
| Ios | Cisco | 12.3(10a)m0 (including) | 12.3(10a)m0 (including) |
| Ios | Cisco | 12.3(11)ja2 (including) | 12.3(11)ja2 (including) |
| Ios | Cisco | 12.3(11)jx (including) | 12.3(11)jx (including) |
| Ios | Cisco | 12.3(11)jx1 (including) | 12.3(11)jx1 (including) |
| Ios | Cisco | 12.3(11)t (including) | 12.3(11)t (including) |
| Ios | Cisco | 12.3(11)t1 (including) | 12.3(11)t1 (including) |
| Ios | Cisco | 12.3(11)t2 (including) | 12.3(11)t2 (including) |
| Ios | Cisco | 12.3(11)t3 (including) | 12.3(11)t3 (including) |
| Ios | Cisco | 12.3(11)t4 (including) | 12.3(11)t4 (including) |
| Ios | Cisco | 12.3(11)t5 (including) | 12.3(11)t5 (including) |
| Ios | Cisco | 12.3(11)t6 (including) | 12.3(11)t6 (including) |
| Ios | Cisco | 12.3(11)t7 (including) | 12.3(11)t7 (including) |
| Ios | Cisco | 12.3(11)t8 (including) | 12.3(11)t8 (including) |
| Ios | Cisco | 12.3(11)t9 (including) | 12.3(11)t9 (including) |
| Ios | Cisco | 12.3(11)t10 (including) | 12.3(11)t10 (including) |
| Ios | Cisco | 12.3(11)t11 (including) | 12.3(11)t11 (including) |
| Ios | Cisco | 12.3(11)to3 (including) | 12.3(11)to3 (including) |
| Ios | Cisco | 12.3(11)xl (including) | 12.3(11)xl (including) |
| Ios | Cisco | 12.3(11)xl1 (including) | 12.3(11)xl1 (including) |
| Ios | Cisco | 12.3(11)xl2 (including) | 12.3(11)xl2 (including) |
| Ios | Cisco | 12.3(11)xl3 (including) | 12.3(11)xl3 (including) |
| Ios | Cisco | 12.3(11)yf2 (including) | 12.3(11)yf2 (including) |
| Ios | Cisco | 12.3(11)yk (including) | 12.3(11)yk (including) |
| Ios | Cisco | 12.3(11)yk1 (including) | 12.3(11)yk1 (including) |
| Ios | Cisco | 12.3(11)yk2 (including) | 12.3(11)yk2 (including) |
| Ios | Cisco | 12.3(11)yl (including) | 12.3(11)yl (including) |
| Ios | Cisco | 12.3(11)yl1 (including) | 12.3(11)yl1 (including) |
| Ios | Cisco | 12.3(11)yl2 (including) | 12.3(11)yl2 (including) |
| Ios | Cisco | 12.3(11)ys (including) | 12.3(11)ys (including) |
| Ios | Cisco | 12.3(11)ys1 (including) | 12.3(11)ys1 (including) |
| Ios | Cisco | 12.3(11)yz (including) | 12.3(11)yz (including) |
| Ios | Cisco | 12.3(11)yz1 (including) | 12.3(11)yz1 (including) |
| Ios | Cisco | 12.3(11)zb (including) | 12.3(11)zb (including) |
| Ios | Cisco | 12.3(11)zb1 (including) | 12.3(11)zb1 (including) |
| Ios | Cisco | 12.3(14)t (including) | 12.3(14)t (including) |
| Ios | Cisco | 12.3(14)t1 (including) | 12.3(14)t1 (including) |
| Ios | Cisco | 12.3(14)t2 (including) | 12.3(14)t2 (including) |
| Ios | Cisco | 12.3(14)t3 (including) | 12.3(14)t3 (including) |
| Ios | Cisco | 12.3(14)t4 (including) | 12.3(14)t4 (including) |
| Ios | Cisco | 12.3(14)t5 (including) | 12.3(14)t5 (including) |
| Ios | Cisco | 12.3(14)t6 (including) | 12.3(14)t6 (including) |
| Ios | Cisco | 12.3(14)t7 (including) | 12.3(14)t7 (including) |
| Ios | Cisco | 12.3(14)ym2 (including) | 12.3(14)ym2 (including) |
| Ios | Cisco | 12.3(14)ym3 (including) | 12.3(14)ym3 (including) |
| Ios | Cisco | 12.3(14)ym4 (including) | 12.3(14)ym4 (including) |
| Ios | Cisco | 12.3(14)ym5 (including) | 12.3(14)ym5 (including) |
| Ios | Cisco | 12.3(14)ym6 (including) | 12.3(14)ym6 (including) |
| Ios | Cisco | 12.3(14)ym7 (including) | 12.3(14)ym7 (including) |
| Ios | Cisco | 12.3(14)ym8 (including) | 12.3(14)ym8 (including) |
| Ios | Cisco | 12.3(14)ym9 (including) | 12.3(14)ym9 (including) |
| Ios | Cisco | 12.3(14)yt (including) | 12.3(14)yt (including) |
| Ios | Cisco | 12.3(14)yt1 (including) | 12.3(14)yt1 (including) |
| Ios | Cisco | 12.4(2)t (including) | 12.4(2)t (including) |
| Ios | Cisco | 12.4(2)t1 (including) | 12.4(2)t1 (including) |
| Ios | Cisco | 12.4(2)t2 (including) | 12.4(2)t2 (including) |
| Ios | Cisco | 12.4(2)t3 (including) | 12.4(2)t3 (including) |
| Ios | Cisco | 12.4(2)t4 (including) | 12.4(2)t4 (including) |
| Ios | Cisco | 12.4(2)t5 (including) | 12.4(2)t5 (including) |
| Ios | Cisco | 12.4(2)xa (including) | 12.4(2)xa (including) |
| Ios | Cisco | 12.4(2)xa1 (including) | 12.4(2)xa1 (including) |
| Ios | Cisco | 12.4(2)xa2 (including) | 12.4(2)xa2 (including) |
| Ios | Cisco | 12.4(4)t (including) | 12.4(4)t (including) |
| Ios | Cisco | 12.4(4)t1 (including) | 12.4(4)t1 (including) |
| Ios | Cisco | 12.4(4)t2 (including) | 12.4(4)t2 (including) |
| Ios | Cisco | 12.4(4)t3 (including) | 12.4(4)t3 (including) |
| Ios | Cisco | 12.4(4)t4 (including) | 12.4(4)t4 (including) |
| Ios | Cisco | 12.4(4)t5 (including) | 12.4(4)t5 (including) |
| Ios | Cisco | 12.4(4)xc (including) | 12.4(4)xc (including) |
| Ios | Cisco | 12.4(4)xc1 (including) | 12.4(4)xc1 (including) |
| Ios | Cisco | 12.4(4)xc2 (including) | 12.4(4)xc2 (including) |
| Ios | Cisco | 12.4(4)xc3 (including) | 12.4(4)xc3 (including) |
| Ios | Cisco | 12.4(4)xc4 (including) | 12.4(4)xc4 (including) |
| Ios | Cisco | 12.4(4)xc5 (including) | 12.4(4)xc5 (including) |
| Ios | Cisco | 12.4(4)xd (including) | 12.4(4)xd (including) |
| Ios | Cisco | 12.4(4)xd1 (including) | 12.4(4)xd1 (including) |
| Ios | Cisco | 12.4(4)xd2 (including) | 12.4(4)xd2 (including) |
| Ios | Cisco | 12.4(4)xd3 (including) | 12.4(4)xd3 (including) |
| Ios | Cisco | 12.4(5a)m0 (including) | 12.4(5a)m0 (including) |
| Ios | Cisco | 12.4(6)t (including) | 12.4(6)t (including) |
| Ios | Cisco | 12.4(6)t1 (including) | 12.4(6)t1 (including) |
| Ios | Cisco | 12.4(6)t2 (including) | 12.4(6)t2 (including) |
| Ios | Cisco | 12.4(6)t3 (including) | 12.4(6)t3 (including) |
| Ios | Cisco | 12.4(6)t4 (including) | 12.4(6)t4 (including) |
| Ios | Cisco | 12.4(6)t5 (including) | 12.4(6)t5 (including) |
| Ios | Cisco | 12.4(6)xe (including) | 12.4(6)xe (including) |
| Ios | Cisco | 12.4(6)xe1 (including) | 12.4(6)xe1 (including) |
| Ios | Cisco | 12.4(6)xe2 (including) | 12.4(6)xe2 (including) |
| Ios | Cisco | 12.4(9)t (including) | 12.4(9)t (including) |
| Ios | Cisco | 12.4(9)t0a (including) | 12.4(9)t0a (including) |
| Ios | Cisco | 12.4(9)t1 (including) | 12.4(9)t1 (including) |
| Ios | Cisco | 12.4(11)sw (including) | 12.4(11)sw (including) |
| Ios | Cisco | 12.4(11)sw1 (including) | 12.4(11)sw1 (including) |
Potential Mitigations
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
References
- http://seclists.org/bugtraq/2009/Jan/0183.html
- http://secunia.com/advisories/25199
- http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
- http://www.exploit-db.com/exploits/6155
- http://www.osvdb.org/35334
- http://www.securityfocus.com/archive/1/494868
- http://www.securityfocus.com/bid/23885
- http://www.securitytracker.com/id?1018030
- http://www.vupen.com/english/advisories/2007/1749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34197
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5036
- http://seclists.org/bugtraq/2009/Jan/0183.html
- http://secunia.com/advisories/25199
- http://www.cisco.com/en/US/products/products_security_advisory09186a00808399d0.shtml
- http://www.exploit-db.com/exploits/6155
- http://www.osvdb.org/35334
- http://www.securityfocus.com/archive/1/494868
- http://www.securityfocus.com/bid/23885
- http://www.securitytracker.com/id?1018030
- http://www.vupen.com/english/advisories/2007/1749
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34197
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5036