Cisco Security Advisory – The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device’s file system, including the device’s saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76063/cisco-sa-20090325-scp.txt
Source: https://packetstormsecurity.com/files/76063/Cisco-Security-Advisory-20090325-scp.html