Vigil@nce - Cisco IOS XR: denial of service via SCP or SFTP
May 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can bypass access restrictions of Cisco
IOS XR, in order to create a denial of service.
Impacted products: IOS XR Cisco.
Severity: 2/4.
Creation date: 24/03/2016.
Revision date: 07/04/2016.
DESCRIPTION OF THE VULNERABILITY
The Cisco IOS XR product offers a service SCP (Secure Copy
Protocol) and SFTP (Secure FTP).
However, an authenticated attacker can bypass access restrictions
to data, and overwrite system files.
An authenticated attacker can therefore bypass access restrictions
of Cisco IOS XR, in order to create a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Cisco-IOS-XR-denial-of-service-via-SCP-or-SFTP-19234