7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.1%
The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.
secunia.com/advisories/34438
securitytracker.com/id?1021899
www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml
www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml
www.securityfocus.com/bid/34247
www.vupen.com/english/advisories/2009/0851
exchange.xforce.ibmcloud.com/vulnerabilities/49423