Cisco discloses IOS FTP server flaws
Cisco revealed multiple vulnerabilities in its IOS FTP server this week. The flaws can result in DoS attacks or malicious users gaining unauthorised privileges.
Cisco products running IOS and configured for FTP server functionality are affected by the flaw, according to a company security advisory released Wednesday.
Successful exploitation can allow remote users access to the IOS device’s filesystem, which can lead to DoS attacks, according to Cisco, which advised network administrators to disable the FTP server feature as a workaround.
The vulnerabilities exist in IOS versions 11 and 12, according to Cisco.
A Cisco representative could not immediately be reached for comment today.
One flaw exists when verifying user credentials in the IOS FTP server, while the other exists when transferring files via FTP server, according to vulnerability monitoring firms.
Secunia ranked the flaws as "moderately critical" in an advisory released today, while FrSIRT ranked them as a "moderate risk."
Adam Powers, Lancope CTO, told SCMagazine.com today that the flaws do not pose a major risk for networks because FTP server is turned off by default.
"You’re definitely going to have some lower-end administrators who have just messed up [and turned it on]. It’s usually human error in these cases that causes the problem," he said. "The fact is that this is not going to impact a large portion of the customer base."