CVE-2009-0637

N/A Unknown
Published: March 27, 2009 Modified: April 23, 2026
View on NVD

Description

The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/34438
Source: psirt@cisco.com
Vendor Advisory
http://securitytracker.com/id?1021899
Source: psirt@cisco.com
Third Party Advisory VDB Entry
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml
Source: psirt@cisco.com
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml
Source: psirt@cisco.com
Vendor Advisory
http://www.securityfocus.com/bid/34247
Source: psirt@cisco.com
Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/0851
Source: psirt@cisco.com
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/49423
Source: psirt@cisco.com
Third Party Advisory VDB Entry
http://secunia.com/advisories/34438
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1021899
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c8.shtml
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/34247
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2009/0851
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/49423
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.3%
80th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

cisco

Related CVEs

CVE-2026-7002 7.3
CVE-2026-7001 2.4
CVE-2026-7000 2.4
CVE-2026-6999 2.4
CVE-2026-6998 2.4