The vulnerabilities lie within a little-used component in IOS, an operating system used to control Cisco's networking hardware.
IOS 11.3, 12.0, 12.1, 12.2, 12.3 and 12.4 all contain the vulnerability. The latest version of the software, IOS XR, is not affected.
An attacker could remotely exploit flaws in the FTP Server component of IOS to break into a network and steal data or execute malicious code. FTP is a protocol used to transfer files over a network.
IOS FTP Server is not enabled by default, and is usually used only to manage FTP servers. Cisco has issued an update that disables the component, but users can also manually disable FTP Server within IOS.
Cisco said that the offending component will be removed in all future IOS releases and will possibly be replaced by new FTP software at a later date.
The company recommends users to switch to IOS Secure Copy or Trivial File Transfer Protocol systems to transfer files.
Secunia rated the vulnerability 'moderately critical', the third of its five severity levels.
The security firm noted that, while the vulnerabilities allow attackers to view files and remotely execute code, the affected component is not enabled by default.
_(5).jpg&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
