VDB
CVE-2007-2586
CVE-2007-2586
PUBLISHED
CVSS 9.300000190734863 CRITICAL
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
EPSS 60.75% · 98.3th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
60.75%
98.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios | *, 12.0\(1\)t, 12.0\(1\)t1 |
| n/a | n/a | n/a |
Exploit Intelligence
- 20080729 Remote Cisco IOS FTP exploit (cve.org)
- 20090120 Re: Remote Cisco IOS FTP exploit (cve.org)
- 6155 (cve.org)
- CIRCL confirmed: CVE-2007-2586 (circl-sighting)
- 1018030 (circl)
- 25199 (circl)
- cisco-ios-ftp-unauthorized-access(34197) (circl)
- oval:org.mitre.oval:def:5036 (circl)
- ADV-2007-1749 (circl)
- 23885 (circl)
…and 6 more exploits
Timeline
- May 9, 2007 CVE Published
- May 9, 2007 PoC Published
- Jul 29, 2008 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 20070509 Multiple Vulnerabilities in the IOS FTP Server vendor-advisory
- 20080729 Remote Cisco IOS FTP exploit mailing-list
- ADV-2007-1749 vdb
- 25199 third-party-advisory
- cisco-ios-ftp-unauthorized-access(34197) vdb
- oval:org.mitre.oval:def:5036 vdb
- 1018030 vdb
- 23885 vdb
- 20090120 Re: Remote Cisco IOS FTP exploit mailing-list
- 6155 exploit
- 35334 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2007-2586 advisory