Cisco devices running certain 12.2-based IOS
releases and configured to offer Secure Copy server
functionality are affected by this issue.
A device running a vulnerable Cisco IOS 12.2-based release is affected if the
following command is present in the device configuration:
ip scp server enable
The IOS Secure Copy server is disabled by default.
The Secure Copy server functionality is only available on
encryption-capable images, which contain either k8 or k9 in the image name.
Devices that do not run an encryption-capable image are not vulnerable. If
a device is running an encryption-capable image, the presence of the
ip scp server enable command in the configuration
determines whether the device is affected.
Please consult the table of fixed software in the
Software Version and Fixes section for the
specific 12.2-based IOS releases that are affected.
To determine the software running on a Cisco product, log in to the
device and issue the show version command to display
the system banner. Cisco IOS software will identify itself as "Internetwork
Operating System Software" or simply "IOS". The image name will be displayed
between parentheses on the next line of output, followed by "Version" and the IOS
release name. Other Cisco devices will not have the show
version command or will give different output.
The following example identifies a Cisco product running IOS release
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF10, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Fri 13-Jul-07 08:32 by kellythw
Additional information about Cisco IOS release naming is available at
Cisco devices that do not run IOS are not affected.
Cisco IOS devices that do not have the Secure Copy server feature
enabled are not affected.
The following IOS release trains are not affected:
Cisco IOS XR is not affected.
No other Cisco devices are known to be affected.
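
The checks described in this section can be scripted for fleet triage. The following is an added example, not part of the original advisory or any Cisco tooling: it parses saved show version output and a saved configuration, and applies the three criteria above (12.2-based release, k8/k9 image, ip scp server enable present). The function names, status strings and the configuration excerpt are assumptions; the final comparison against the fixed software table is left to the operator.

```python
import re

# Banner copied from the advisory's show version example.
SHOW_VERSION = """Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(18)SXF10, RELEASE SOFTWARE (fc1)
"""
# Constructed running-config excerpt (hostname is a placeholder).
RUNNING_CONFIG = """hostname lab-sw1
ip scp server enable
"""

# Image name sits in parentheses, followed by "Version" and the release name.
BANNER_RE = re.compile(
    r"^.*\bIOS\b.*\((?P<image>[^()]+)\), Version (?P<release>[^,\s]+)", re.M)


def parse_banner(show_version):
    """Return (image_name, release) from show version output, or None."""
    m = BANNER_RE.search(show_version)
    return (m.group("image"), m.group("release")) if m else None


def scp_server_enabled(running_config):
    """True only for the exact command; 'no ip scp server enable' does not match."""
    return any(line.strip() == "ip scp server enable"
               for line in running_config.splitlines())


def triage(show_version, running_config):
    """Apply the advisory's criteria; returns (status, reason)."""
    banner = parse_banner(show_version)
    if banner is None:
        # Fail to "unknown" rather than "not-affected" when output is unparsable.
        return "unknown", "no IOS banner recognised"
    image, release = banner
    if not release.startswith("12.2("):
        return "not-affected", f"{release} is not 12.2-based"
    if not re.search(r"k[89]", image, re.I):
        return "not-affected", f"{image} is not an encryption-capable image"
    if not scp_server_enabled(running_config):
        return "not-affected", "Secure Copy server is not enabled"
    return "check-release-table", f"{image} {release} has the SCP server enabled"


if __name__ == "__main__":
    print(triage(SHOW_VERSION, RUNNING_CONFIG))
```

A status of check-release-table means the device meets every configuration criterion and its release must still be compared with the table of fixed software.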