Remote Cisco IOS FTP exploit (fwd)


The IOS FTP server vulnerabilities were published in an advisory by
Cisco in May 2007. The FTP server does not run by default; it is not
widely used and has since been removed from new versions of IOS.
Therefore, I took the decision to release this exploit code in order
to show that IOS can be reliably exploited to provide remote level 15
exec shell access. This clearly demonstrates that patching your router
is just as important as patching your servers.

To prevent its widespread abuse I have omitted a critical step which
means that it will only work when the router is connected to a
debugger - not something you are likely to encounter on the Internet.

Anyway, hopefully this will promote further IOS security research as
there's plenty left to look at!




  Cisco IOS FTP server remote exploit by Andy Davis 2008

  Cisco Advisory ID: cisco-sa-20070509-iosftp - May 2007

  Specific hard-coded addresses for IOS 12.3(18) on a 2621XM router

  Removes the requirement to authenticate and escalates to level 15