Vulnerability-Lookup

CERTA-2007-AVI-350

Vulnerability from certfr_avis - Published: 2007-08-10 - Updated: 2007-08-10

De multiples vulnérabilités affectent différentes versions de Cisco IOS et permettent notament d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités affectent Cisco IOS :

la première (cisco-sa-20070808-scp), affectant l'implémentation de Secure Copy (SCP), permet à un utilisateur connecté localement de contourner la politique de sécurité ;
la seconde (cisco-sa-20070808-nhrp), présente dans le protocol Next Hop Resolution Protocol (NHRP), permet à un utilisateur distant malintentionné de réaliser un déni de service ou d'exécuter du code arbitraire par le biais d'un paquet spécialement conçu ;
la troisième (cisco-sa-20070808-IOS-IPv6-leak) permet à un utilisateur distant de réaliser un déni de service ou de porter atteinte à la confidentialité des données par le biais d'un paquet IPv6 malicieusement construit ;
les dernières (cisco-sa-20070808-IOS-voice) concernent également le produit Cisco Unified Communications Manager. Ces vulnérabilités affectent les protocoles Session Initiation Protocal (SIP), Media Gateway Control Protocol (MGCP), H.323, H.254, Real-time Transport Protocol (RTP) et Facsimile reception. Un utilisateur distant exploitant ces vulnérabilités peut réaliser un déni de service ou exécuter du code arbitraire par le biais d'un paquet malicieusement construit.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Unified Communications Manager	Cisco Unified Communications Manager.
Cisco	IOS XR	Cisco IOS XR 3.x ;
Cisco	IOS	Cisco IOS R12.x ;
Cisco	IOS	Cisco IOS 12.x ;

References

Title

Publication Time

Tags

Bulletins de sécurité Cisco du 08 août 2007	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20070808-IOS-voice du 08 août 2007 :	-	other
Bulletin de sécurité Cisco cisco-sa-20070808-IOS-IPv6-leak du 08 août 2007 :	-	other
Bulletin de sécurité Cisco cisco-sa-20070808-nhrp du 08 août 2007 :	-	other
Bulletin de sécurité Cisco cisco-sa-20070808-scp du 08 août 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager.",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XR 3.x ;",
      "product": {
        "name": "IOS XR",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS R12.x ;",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS 12.x ;",
      "product": {
        "name": "IOS",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent Cisco IOS :\n\n-   la premi\u00e8re (cisco-sa-20070808-scp), affectant l\u0027impl\u00e9mentation de\n    Secure Copy (SCP), permet \u00e0 un utilisateur connect\u00e9 localement de\n    contourner la politique de s\u00e9curit\u00e9 ;\n-   la seconde (cisco-sa-20070808-nhrp), pr\u00e9sente dans le protocol Next\n    Hop Resolution Protocol (NHRP), permet \u00e0 un utilisateur distant\n    malintentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\n    arbitraire par le biais d\u0027un paquet sp\u00e9cialement con\u00e7u ;\n-   la troisi\u00e8me (cisco-sa-20070808-IOS-IPv6-leak) permet \u00e0 un\n    utilisateur distant de r\u00e9aliser un d\u00e9ni de service ou de porter\n    atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es par le biais d\u0027un paquet\n    IPv6 malicieusement construit ;\n-   les derni\u00e8res (cisco-sa-20070808-IOS-voice) concernent \u00e9galement le\n    produit Cisco Unified Communications Manager. Ces vuln\u00e9rabilit\u00e9s\n    affectent les protocoles Session Initiation Protocal (SIP), Media\n    Gateway Control Protocol (MGCP), H.323, H.254, Real-time Transport\n    Protocol (RTP) et Facsimile reception. Un utilisateur distant\n    exploitant ces vuln\u00e9rabilit\u00e9s peut r\u00e9aliser un d\u00e9ni de service ou\n    ex\u00e9cuter du code arbitraire par le biais d\u0027un paquet malicieusement\n    construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-4263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4263"
    }
  ],
  "initial_release_date": "2007-08-10T00:00:00",
  "last_revision_date": "2007-08-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20070808-IOS-voice du    08 ao\u00fbt 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20070808-IOS-IPv6-leak    du 08 ao\u00fbt 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20070808-nhrp du 08    ao\u00fbt 2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20070808-scp du 08 ao\u00fbt    2007 :",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml"
    }
  ],
  "reference": "CERTA-2007-AVI-350",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent diff\u00e9rentes versions de Cisco IOS\net permettent notament d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Cisco du 08 ao\u00fbt 2007",
      "url": null
    }
  ]
}

CVE-2007-4263 (GCVE-0-2007-4263)

Vulnerability from cvelistv5 – Published: 2007-08-08 23:00 – Updated: 2024-08-07 14:46

Summary

Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2007/2817	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/26361	third-party-advisoryx_refsource_SECUNIA
	http://www.cisco.com/warp/public/707/cisco-sa-200…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id?1018534	vdb-entryx_refsource_SECTRACK
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/25240	vdb-entryx_refsource_BID
	http://osvdb.org/36694	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.424Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-2817",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2817"
          },
          {
            "name": "26361",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26361"
          },
          {
            "name": "20070808 Cisco IOS Secure Copy Authorization Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml"
          },
          {
            "name": "1018534",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1018534"
          },
          {
            "name": "oval:org.mitre.oval:def:5542",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5542"
          },
          {
            "name": "cisco-ios-scp-file-overwrite(35872)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35872"
          },
          {
            "name": "25240",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25240"
          },
          {
            "name": "36694",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36694"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device\u0027s filesystem via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-2817",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2817"
        },
        {
          "name": "26361",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26361"
        },
        {
          "name": "20070808 Cisco IOS Secure Copy Authorization Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml"
        },
        {
          "name": "1018534",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1018534"
        },
        {
          "name": "oval:org.mitre.oval:def:5542",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5542"
        },
        {
          "name": "cisco-ios-scp-file-overwrite(35872)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35872"
        },
        {
          "name": "25240",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25240"
        },
        {
          "name": "36694",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36694"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device\u0027s filesystem via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-2817",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2817"
            },
            {
              "name": "26361",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26361"
            },
            {
              "name": "20070808 Cisco IOS Secure Copy Authorization Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml"
            },
            {
              "name": "1018534",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1018534"
            },
            {
              "name": "oval:org.mitre.oval:def:5542",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5542"
            },
            {
              "name": "cisco-ios-scp-file-overwrite(35872)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35872"
            },
            {
              "name": "25240",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25240"
            },
            {
              "name": "36694",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36694"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4263",
    "datePublished": "2007-08-08T23:00:00",
    "dateReserved": "2007-08-08T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.424Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2007-AVI-350

Description

Solution

CVE-2007-4263 (GCVE-0-2007-4263)

Tags

Sightings

Nomenclature