Cisco IOS FTP Server Authentication Bypass Vulnerability

Summary
The Cisco IOS FTP server is enabled on the remote system. Description : The FTP server does not properly verify authentication, allowing for anonymous access to the file system. An attacker could use the ftp server to view/download confidential configuration files, or upload replacements which will be used at startup.
Solution
Disable the FTP Server by using 'no ftp-server enable' or upgrade to a newer release (see cisco-sa-20070509-iosftp).
References